AIR Gap For Backup protection

What Does Air Gapping Mean?


The answer is pretty simple. An air-gapped backup, as part of your backup and recovery strategy, is a copy of your organization’s data that’s offline and inaccessible. Without an internet or other network connection, it’s impossible for your backup device to be remotely hacked or corrupted. That leaves only a direct physical attack as a means to getting to your data. Traditionally, air gapping has been referred to in the context of tape backups, but today’s options for backing up to the cloud offer a virtual equivalent of air-gapped tape. But, while the cloud’s object-based storage defenses are incredibly powerful, a physically air gapped backup is your absolutely final line of defense.

Updating the 3-2-1 Rule

This ties back to our recent post about StorageCraft’s take on the traditional 3-2-1 rule. There we discuss how you should store one copy of your backups in a secure, offsite location. If that offsite copy is disconnected, it’s protected from malicious software, direct cyberattacks, and other threats. It also protects your backups even if ransomware compromises admin passwords or other data. If everything else fails, your air-gapped backups should be capable of restoring your entire network system.

Air Gapping Challenges

Although air gapping is your ultimate defense against disaster, it can also be costly in terms of labor. When your backup device is completely disconnected from your network, the only way to access it is with direct physical contact. That limits your ability to automate backups, and, while there are automated solutions available, any device that is connected from a network could become compromised. That means going to the device and physically transferring data is your best bet.


Ultimately, whether you choose to include air-gapped backups in your strategy depends on your unique situation. What matters most is that you have a solid backup and recovery plan in place and that you keep it up to date. StorageCraft offers solutions for organizations of every size that simplify backup and recovery and ensure your data is always protected.

What is Azure Key Vault and how to configure it with the dotnet core application

What is Azure Key Vault?

Azure Key Vault is a cloud-based service offered by Microsoft Azure that provides secure storage for keys, secrets, and certificates. It allows users to create and manage cryptographic keys and secrets used by cloud applications and services. Azure Key Vault enables users to store sensitive information such as passwords, connection strings, API keys, and certificates in a secure manner.

Azure Key Vault uses hardware security modules (HSMs) to provide enhanced security for cryptographic keys and secrets. HSMs are physical devices that are designed to securely store and manage cryptographic keys. Azure Key Vault also supports multi-factor authentication and access control policies to ensure that only authorized users and applications can access sensitive information stored in the Key Vault.

Azure Key Vault can be used to store a wide range of keys and secrets, including SSL/TLS certificates, cryptographic keys, passwords, and API keys. It can be accessed through a REST API or using SDKs for various programming languages. Azure Key Vault can also be integrated with other Azure services such as Azure Active Directory, Azure Functions, and Azure DevOps.

Configure Azure Key Vault with .Net Core 6 Application:

Step 1: Create an Azure Key Vault

First, you need to create an Azure Key Vault in your Azure subscription. Here are the steps:

  1. Log in to the Azure Portal and go to the Azure Key Vault page.
  2. Click the “+ Add” button to create a new Key Vault.
  3. Fill in the required information, such as the name, subscription, resource group, and region.
  4. Set the access policies for your Key Vault. This is where you define who has access to your Key Vault and what they can do with it. For example, you might want to allow a specific Azure AD user or group to access your Key Vault.

Step 2: Create a .NET Core 6 application

Next, you need to create a .NET Core 6 application. Here are the steps:

  1. Open Visual Studio 2022 or higher and create a new .NET Core 6 Console Application project.
  2. Install the Azure.Extensions.AspNetCore.Configuration.Secrets package by running the following command in the Package Manager Console:

Install-Package Azure.Extensions.AspNetCore.Configuration.Secrets
  1. Modify the Program.cs file to load configuration settings from the Azure Key Vault:

using Azure.Extensions.AspNetCore.Configuration.Secrets; using Azure.Identity; using Microsoft.Extensions.Configuration; var builder = new ConfigurationBuilder() .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true) .AddUserSecrets<Program>() .AddEnvironmentVariables(); builder.AddAzureKeyVault(new Uri("https://<your-key-vault-name>"), new DefaultAzureCredential()); var configuration = builder.Build(); // Use configuration values here

Note: Replace <your-key-vault-name> with the name of your Azure Key Vault.

Step 3: Grant access to the application

Finally, you need to grant access to the .NET Core 6 application to access the Azure Key Vault. Here are the steps:

  1. Go to the Access policies page of your Azure Key Vault.
  2. Click the “+ Add Access Policy” button to add a new access policy.
  3. Select the principal type. This is the identity that you want to grant access to.
  4. Select the permissions that you want to grant. For example, you might want to grant “Get” and “List” permissions to allow the application to read secrets from the Key Vault.
  5. Click the “Add” button to add the access policy.

That’s it! Your .NET Core 6 application should now be able to read configuration settings from the Azure Key Vault.

Azure Key Vault Troubleshoots:

There could be a few different reasons why your Azure Key Vault connection is randomly failing

  1. Ensure that the Azure Key Vault access policies are correctly configured to allow access from your application. Make sure that the application’s identity (e.g. managed identity or service principal) is included in the access policies with the appropriate permissions.
  2. Check your application’s code to ensure that it is handling authentication and authorization correctly. Make sure that it is using the appropriate credentials to authenticate with Azure AD and obtain a token to access the Key Vault.
  3. Check your network connection to ensure that there are no intermittent issues that could be causing the connection to fail. For example, if you are using a VPN or a firewall, make sure that the appropriate ports are open and that there are no network connectivity issues.
  4. Check the Azure Key Vault logs to see if there are any errors or warnings that could provide more information about the issue. You can use the Azure Portal or the Azure CLI to view the logs.
  5. If the issue persists, consider contacting Microsoft support for further assistance. They can help you troubleshoot the issue and identify the root cause.

special thanks to my Friend