The following key features of the Enterprise Server Edition (ESE) backup client assist in assuring data integrity.
1. 256-bit AES-GCM encryption
During the backup process, data blocks are compressed with LZ4 and then encrypted on the client using the user’s encryption key specified when the account was created. This encryption occurs prior to data being transferred to the Storage Platform. Using a symmetric-key cryptographic block cipher, 256-bit Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) or AES-GCM, ensures authenticated encryption to guarantee data integrity. In addition, TLS (Transport Layer Security) is used to authenticate the data transfer and to create a secure session between the client and the Storage Platform.
2. Automatic error correction
Through AES-GCM, the integrity of each block of data is verified using its inherent checksum before being stored on the Storage Platform. Files that have become corrupt or are missing on the Storage Platform (due to disk corruption, for example) are identified by integrity checks and are retransmitted to the Storage Platform at the start of each backup.
3. Backup resumption
During a backup, the client maintains a rolling buffer of data transmitted to the Storage Platform. Whenever a connectivity drop and subsequent reconnection to the Storage Platform occur, the service resumes from the exact position of interruption, seamlessly continuing the backup without having to start at the beginning of the file. This is especially useful when large files are being transferred.
4. Multi-level integrity checking
Data integrity is confirmed on several different backup levels and fixed automatically to ensure that “stale” backups remain consistent.
Files are only stored once, in a shared store. Different accounts backing up the same files therefore just reference the shared store. Missing and corrupt files and data blocks are automatically corrected from the Storage Platform’s own redundant backup store (the shared store) or from MirrorServers (if available).