216 Copyright © Acronis, Inc., 2000-2009• IP address range.A machine remains in a dynamic group as long as the machine meets the group's criteria. Themachine is removed from the group automatically as soon as• the machine's properties change so that the machine does not meet the criteria anymore OR• the administrator changes the criteria so that the machine does not meet them anymore.There is no way to remove a machine from a dynamic group manually except for deleting themachine from the management server.Dynamic volumeAny volume located on dynamic disks (p. 215), or more precisely, on a disk group (p. 214). Dynamicvolumes can span multiple disks. Dynamic volumes are usually configured depending on the desiredgoal:• to increase the volume size (a spanned volume)• to reduce the access time (a striped volume)• to achieve fault tolerance by introducing redundancy (mirrored and RAID-5 volumes.)EEncrypted archiveA backup archive (p. 209) encrypted according to the Advanced Encryption Standard (AES). When theencryption option and a password for the archive are set in the backup options (p. 209), each backupbelonging to the archive is encrypted by the agent (p. 209) before saving the backup to itsdestination.The AES cryptographic algorithm operates in the Cipher-block chaining (CBC) mode and uses arandomly generated key with a user-defined size of 128, 192 or 256 bits. The encryption key is thenencrypted with AES-256 using a SHA-256 hash of the password as a key. The password itself is notstored anywhere on the disk or in the backup file; the password hash is used for verificationpurposes. With this two-level security, the backup data is protected from any unauthorized access,but recovering a lost password is not possible.Encrypted vaultA managed vault (p. 217) to which anything written is encrypted and anything read is decryptedtransparently by the storage node (p. 219), using a vault-specific encryption key stored on the node.In case the storage medium is stolen or accessed by an unauthorized person, the malefactor will notbe able to decrypt the vault contents without access to the storage node. Encrypted archives (p. 216)will be encrypted over the encryption performed by the agent (p. 209).ExportAn operation that creates a copy of an archive (p. 209) or a self-sufficient part copy of an archive inthe location you specify. The export operation can be applied to a single archive, a single backup (p.209) or to your choice of backups belonging to the same archive. An entire vault (p. 221) can beexported by using the command line interface.
