OK, part of the problem again is we are talking about something with some of the facts. And, when I say that, I mean we/I don't quite understand the whole process. Thanks Chris for trying to update. I think even AC hasn't got their head around it. I think AC came up with this idea to improve encryption for better security starting with 9.1. All good. But, then someone tried to restore an earlier backup, like 6.3.3 because they wanted to upgrade, it didn't work. So, uh oh. Well, we can fix this by taking the older .enc file and encrypting it so it was at the level of the 9.1 version. In other words, 9.1 and higher versions, 9.2, produce this .enc file that is at a level 5 (maybe 256-bit), I don't know. Where all the others were at a level 4. I do think that you can use 9.1 to restore 9.1. (more later). Caveat, again I am not sure if I understand correctly, but this is my sense. So, when AC became aware that 6.3.3 or 7.0 wouldn't work on 9.1, they couldn't go back and change 9.1 (this would be a great place to have patches), they figured, well we can change these level 4 files by making them level 5, not so much so they would be more secure (they would), but now they would be able to restore a 9.1 machine.
So, in short. 9.1 nicely makes a more secure backup. But, it now can't restore a less secure one. What to do? Have support change it. I think the issue is, AC doesn't understand that even making practices upload a file even for four hours, but probably more like 24, would be a problem. They aren't doctors. It seemed like an easy fix. But, it isn't. And, for practices with local .enc backups with even 10GBs of II, it will be a nightmare. SO PLEASE MAKE AT LEAST ONE BACKUP THAT DOES NOT HAVE II. You can still do a scheduled entire backup at night. I can tell you, I do an .enc backup after last patient. It takes two minutes.
So, when you get on 9.1 or higher all of your backups will be the same. You WILL be able to backup and restore without bothering support.
NOW, what I think adds another level to this, and I may be wrong. But, I think even 9.1 backups won't work without support's help if you go to a virgin machine. I could be wrong here, but that would be where you are forced to do this upload/download process. And, if you are doing an elective move, then it's not a problem. You know you are going to move the database to the virgin machine on Sunday. You send your .enc file to AC on Friday. Maybe even close early. And, also, contact support to let them know so they are ready and waiting, so you aren't stuck on the weekend without a level 5 backup. When you get that file back (if you are doing this electively), the install on virgin machine, and you are golden. ALL OF THIS PARAGRAPH IS HELPFUL IF I AM CORRECT THAT YOU NEED SUPPORT EVEN WITH A 9.1 OR GREATER BACKUP IF YOU INSTALL TO A 9.1 VERSION ON A VIRGIN MACHINE.
Now. Assuming that is all true or at least the first part, this is very bad timing. Why? Because at or nearly the same time, AC changed their system to where you will need a temp activation key to unlock a program that is installed on a virgin computer. This is whether or not it is installed in your office or a new user somewhere five states away tries the trial version. This has nothing to do with the backup file. This is very much like activating Windows. You purchase the license, and you install. If you uninstall and install to the SAME computer, but some hardware has changed, say the processor and RAM, Windows won't recognize it. You must call Windows for a new license. So, even if you bought a new computer, you would not be able to use the same install disk to install Windows without Windows' blessing.
So, if you install AC to the same computer it will recognize things in the database and allow it to install. Same version, upgrade; doesn't matter. If you try to install any version to a virgin machine, there will be no database, and the new install will say, "Wait, this software hasn't been paid for." So, it won't install. So, you email support and they send a temporary key, and it installs and when you restore your data or put in your real key, you are fine.
I am rather sure the same thing happens with a new doctor in a new office who downloads a trial version. I am assuming he or she will have the same issue. And, they will contact AC and get a temporary license. I could be wrong. But, if this is the case, then it is backwards. A trial version should install and run for 30 days before requiring a license. AND I THINK THIS MAY WORK. I do know when I tried to install a beta version sent to me by AC, it would not install without the key UNLESS I installed over a non-virgin machine with a database. But, that would be installing a beta version in a production network. So, I think trials may be OK. I am not sure.
So, I think this is why some are confused about the temporary installation key and .enc being part of the same process. If you install AC on a virgin machine, it will require the temp key. And, it will require a new .enc file if it is 9.1 or higher.
1. You install v8 on virgin machine and use v7 backup, you are fine, but you will need temp key.
2. If you install v9.1 on a virgin machine and use v8 or even v9.0 backup you will need temp activation key AND upload/download re-encrypt.
3. If you install 9.1 on a virgin machine and use a v9.1 backup, you will need temp key and you can use the 9.1 backup.
Basically, you will always need the temp key, if you install to a virgin machine.
If all true, and even if some true, here are some suggestions. Sorry if they are wrong. Again, it is complicated, and I haven't had time to go through all the machinations, but I did succeed once (not knowingly) using this method:
Three possible workarounds and one highly recommended recommendation, if that makes sense:
1. Make your second best computer or the one that you would consider using whether elected or in an emergency and turn it from a virgin machine into a non-virgin machine) Install your current version on virgin computer. It won't install. Email support and get a temp key. Complete install and disable ability to anyone browsing to it instead, change or remove the .xml file. There are other ways to disable it temporarily. It can be made the real database in seconds. Now you have a machine that can be installed to with any version without the temp key.
2. You can install the version you are using, change as above, and still install 9.1 without a temp key. If you do this, now you have a non-virgin computer that you can switch to with a 9.1 backup if you have one, without the re-encrypt. It is 9.1 and will accept a level 5 backup produced by 9.1 or higher. Personally, I don't think this would be necessary unless you are leaning toward 9.1, and you have a crash. But, I don't think installing 9.1 to the new machine would take longer than 20 to 30 minutes.
Some recommendations:
The above. Pick a new machine. Install AC. Get a key. Continue installing. I have done this.
If you really want to be golden, and you are using 9.1 install to new machine, get a key, and you are all set for either crash or testing backups.
If you are using AC .enc backups with II, go ahead and do so as usual, but do one without II. So, if you need to move level 4 to level 5 (and .enc prior to 9.1), you have a 100MB file and not a 30GB file to restore that you can do quickly. You will need to make sure you have a backup of II somewhere else so you can add to the new restore.
Do a complete restore daily of server/main computer or use a SQL server backup. You can also backup SQL server using SSMS. That is the best backup of SQL. If you backup SQL server in any way, whether whole backup or log file backup (every five minutes), you need to back up with a program that is SQL backup compatible. Even with online backups.
AC:
Again, if any of my assumptions are correct.
Get rid of the temp key and allow software to install and use license we have already paid for. This isn't like Windows or Office or Adobe or any other software. There is no advantage to having multiple databases. You can only use one at a time.
Do a recall of 9.1. Get rid of the level 5 backup situation until AC can figure out a way for us to change it. Much like a database tuner. Imagine if when we had to use a database tuner, we had to send it to AC and back to tune our database to the new SQL database.
9.2, which is now in beta can be changed to not make this level 5 backup OR, even better, allow it to make level 5 backup, but allow it to accept level 4 backup.
Sooner or later, people will move to 9.1 and have level 5 backups. These level 4 backups ARE HIPAA compliant. This is a voluntary security increase by AC (I think at the request of Pri-Med). The reasoning as stated above by AC is to stay ahead of the people who make malware. Remember, ransomeware, by far, is the biggest problem with malware today. I don't think it affects .enc files, but I could be wrong. But, a level 5 backup will be susceptible as well. The only defense against ransomeware is certain A/V antimalware software, which is being developed as we speak, there are some improvements in Hyper-V Windows Server 12 OS. But, the best is full backups that are disconnected.
Even now, AC backups of any kind should be backed up to hardware which you can disconnect.
Very quickly come forth with total transparency and explanation of both of these changes. There are a few things going on behind the scenes for the good, which may delay this a week.
Summary:
The temp key at the moment is the least of your concern. Make a non-virgin machine. Or realize you may have to wait four to 24 hours to obtain. These temp keys should be available 24/7/365 by AC. Not sure if they are. Doubtful.
If you have 9.1 or are going to switch to 9.1, PLEASE do your .enc files with and without II. Find a second way to backup II.
Installing to a virgin machine on your network is a good idea. If you do so for a rainy day restore, I would at least email AC for a key to see how the process works and how long it takes. Try it also on the weekend. Try it Sunday at 5 pm.
If you are going to need to do an elective restore and will need an .enc file, contact AC support ahead of time and tell them I will be sending my file at 6 pm Friday or 8 am Saturday so they are aware.
If you think that if you have a crash or you are considering v9.1 go ahead and install it on a virgin machine and get a temp key so you can restore it and are good to go. If this is not going to be your actual database, disable it in some way. If the .xml file is removed or if you change the name to .xmlold, it will be there when you need it.
Please do not just rely on AC backups. This is not a good idea anyway. When I write on backups or give a talk, my first comment is your most important backup is your complete server/main computer backup nightly. Hopefully an image. And, even better, a bare metal restorable image. Back them up nightly. Check they are being backed up weekly and test them monthly. NOT OVER THE PRODUCTION MACHINE.
Sorry this is so long. If only part of it is right, you should still have a better understanding of what is happening. If all is right, and you are still confused, at least you will have a better understanding. You can PM me with questions.
Also, another take home message. Both of these changes do make sense. Both help with security. I just think, in my opinion, AC neither knew these changes would result in this, and I don't think they realize their fix is not enough of a fix. The overall chaos hasn't hit a crescendo, because most people are not needing to install programs to a virgin machine or upgrade to 9.1 using a level 4 backup.
The irony here is that while some have said otherwise, I have always found the .enc file backup to be extremely reliable and rock solid, bullet proof. ACPM is changing this.
