Abstract: Described is a system for secure distribution of a client certificate private key to client-based services. The system implements a specialized technique to minimize exposure of a key-encryption-key (KEK) that may be used to secure the client certificate private key that is managed by a certificate manager (CM). A client-based service generates a one-time secret message that is encrypted with the symmetric key and provided to the CM as part of a request to access the private key. The CM authenticates the request originates from a trusted before decrypting the private key with the KEK that remains known only to the CM. The CM then encrypts the decrypted private key with the secret message and provides the client-based service access to private key that is encrypted with the secret message.

Abstract: A system clock is protected by limiting clock changes, change frequency, and calculating skew. System and secure clocks are initialized to a same time. First and second thresholds are set. The first threshold corresponds to an alert and the second threshold corresponds to an action. At a time interval at which the secure clock is to be updated, a skew is calculated between the system and secure clocks, and a cumulative skew is calculated. Upon a determination that the cumulative skew has reached the first threshold, but not the second threshold, the alert is triggered while deletions of files having retention locks that have expired according to the system clock are allowed to continue. Upon a determination that the cumulative skew has reached the second threshold, the action is triggered. The action includes blocking the deletions of files having retention locks that have expired according to the system clock.

Abstract: Described is a system (and method) for securely authorizing service level access to a backup system using an access key. The service level access (or access via a service account) may provide a user with an enhanced set of privileges to perform troubleshooting operations on the backup system. Such privileges may be unlocked by allowing a user to perform operations using an unrestricted interface of the backup system such as an operating system shell. To authorize such access, the system may provide a limited (or specialized) access key. The access key may be narrowly tailored to only provide access to a particular backup system and only remain viable for a limited duration. Accordingly, the access key may be configured to embed a system identifier, a timestamp, and a digital signature, which may be independently verifiable by the backup system before granting service level access.

Abstract: A system clock is protected by limiting clock changes, change frequency, and calculating skew. System and secure clocks are initialized to a same time. First and second thresholds are set. The first threshold corresponds to an alert and the second threshold corresponds to an action. At a time interval at which the secure clock is to be updated, a skew is calculated between the system and secure clocks, and a cumulative skew is calculated. Upon a determination that the cumulative skew has reached the first threshold, but not the second threshold, the alert is triggered while deletions of files having retention locks that have expired according to the system clock are allowed to continue. Upon a determination that the cumulative skew has reached the second threshold, the action is triggered. The action includes blocking the deletions of files having retention locks that have expired according to the system clock.

Abstract: Described is a system (and method) for securely authorizing service level access to a backup system using an access key. The service level access (or access via a service account) may provide a user with an enhanced set of privileges to perform troubleshooting operations on the backup system. Such privileges may be unlocked by allowing a user to perform operations using an unrestricted interface of the backup system such as an operating system shell. To authorize such access, the system may provide a limited (or specialized) access key. The access key may be narrowly tailored to only provide access to a particular backup system and only remain viable for a limited duration. Accordingly, the access key may be configured to embed a system identifier, a timestamp, and a digital signature, which may be independently verifiable by the backup system before granting service level access.

Abstract: Secure communications are established in a non-secure environment between virtual machines configured as nodes of a virtual machine cluster having a virtual scale-out architecture without user intervention. When a new virtual cluster node is automatically and dynamically created and deployed by a virtual cluster master node, the master node embeds in a common image from which the new node is created an initial secret key for establishing initial trusted communications between the new node and the master node. The master node then passes a permanent secret key to the new node, opens an OpenSSL connection for creating a public key infrastructure, and signs the new node's CSR with its own public and private keys and sends the signed certificate to the new node.

Abstract: Secure communications are established in a non-secure environment between virtual machines configured as nodes of a virtual machine cluster having a virtual scale-out architecture without user intervention. When a new virtual cluster node is automatically and dynamically created and deployed by a virtual cluster master node, the master node embeds in a common image from which the new node is created an initial secret key for establishing initial trusted communications between the new node and the master node. The master node then passes a permanent secret key to the new node, opens an OpenSSL connection for creating a public key infrastructure, and signs the new node's CSR with its own public and private keys and sends the signed certificate to the new node.