JERA: Jera Encrypted Remote Archive

Backup and Restore technology that provides rock-solid security and is easy to use!

K-PC Conseilleurs Ltée is a distributor for Jera Encrypted Remote Archive Systems. We highly recommend this system as Jera is designed for unmatched data security coupled with ease of use. It is simple to restore any file at any time from any of the backups.

The Jera Backup and Restore System was developed by a computer security expert, who believes that being paranoid about who has control of your backed up data is a good thing. You should be the only one who has access, the only one in control, all the time. Online backup services that store your backups in the 'Cloud' are fine if you don't mind someone else having access to your data, having control of where your data is stored, or having your sensitive data exposed to the Internet. You have no control over what happens in the 'Cloud'.

Jera Features

• One time configuration for each set of data, from any to all of your networked computers.
• Backups happen automatically.
• Maintains multiple versions (different dates) of your data
• Jera is a complete hardware and software technology solution, compatible with all modern operating systems.
• This technology provides you with two physical backup servers. Your own on-site machine is called a site-server. The other unit is called your head-end server.
• Access is from your own computer using a simple web interface.
• All data is stored securely encrypted.
• There are User Levels, User Names and Passwords to allow monitoring and to control authorised use.
• It is easy to restore data from the backup.
• Provable differential and de-duplication backup technology helps to limit rate of data growth.

Security

Security can mean several different things. Data stored on paper which has since been shredded, incinerated, and re-cycled as lawn fertilizer may be said to be quite secure: no unauthorized people have access to it. It is clearly not useful to the authorized person seeking access to the information so stored. Jera is designed to maintain a good balance between the security that your data will not be read by other people, and the security that you will always have access to it.

Jera Security features in more detail (for the curious):

Data Security

• Primary data encryption is by GnuPG using a 2048-bit DSA key pair to encrypt session keys (randomly chosen for each stored block) for an underlying 256-bit AES cipher (as implemented in OpenSSL) which is used to encrypt the data payload.
• Communication over the Internet is encrypted using VPN tunnel based on SSL using a 256-bit AES cypher with randomly chosen and regularly regenerated session keys.
  Authentication is via bi-directional DSA certificate verification. To protect the VPN communications infrastructure, the certificate authority signing key is kept on a dedicated computer in a physically secure area with no network or remote communications devices connected. To guard against a potential attack using any individual compromised Jera site server key, VPN communications are firewalled and restricted to point-to-point links.
• The core file systems and block devices of the Jera server are encrypted with 256-bit AES (the Linux 2.6 kernel implementation), which serves two purposes.
  Encryption of the root file systems provides some degree of tamper resistance against an attacker with physical access to the server, and the encryption of the virtual memory block device ensures that any data which may have been stored in a temporary file or swapped out to virtual memory will be un-recoverable following a reboot or shutdown.
• The Jera console (required for field service) is secured with a complex randomly-chosen root password, provided to technicians in the form of a paper hard-copy. It is normally only possible to access the Jera server's console by physically connecting a monitor and keyboard (or a serial terminal emulator) to the Jera server and then logging in with the root password.

Secure Access to your Data

• Jera normally tries to maintain three copies of your data: the original source, an encrypted backup on your local Jers server, and a second encrypted backup on an off-site Jera head-end server. The first backup provides you with a quick and convenient way to restore data which has been lost or modified on the original source. The off-site backup on the head-end server is maintained in case of theft, sabotage or catastrophic failure of your local Jera server.
• Hardware for Jera backup servers is purchased from 'first-tier' manufacturers and undergoes considerable stability testing before being deployed into the field. This usually results in an exceptionally stable and reliable device.
• The Jera software is designed to recover automatically from most possible error conditions, including random power loss and communications failure.