Yes and no.
All the data backed up by a client in encrypted format stays encrypted, it
can only be decrypted by the original client (or a client with the original
encryption key). If you turn on encryption on the drives that's OK, if
client-encrypted data gets sent there via MOVE DATA, reclaim, or BACKUP
STGPOOL, it will work fine. The drives apply their own encryption
algorithm, but it's transparent to everybody. The drives won't be able to
compress the client-encrypted data, but you're no worse off than you are
now.
But if you turn on tape encryption, you can turn off client encryption.
Then the drives will compress first, then encrypt, so you get
good compression ratios for the data. If you send your onsite data to a
de-dup VTL and your TSM copy tapes to encrypting drives, you will get the
benefits of dedup in the VTL and the benefits of compression on the
drives. As older data expires, your overall compression ratio will get
better over time.
On 1/24/08, Hart, Charles A <charles_hart AT uhc DOT com> wrote:
>
> Is it possible to change from Client Encrypt to Tape Device Encrypt?
> (i.e. LTO4 / 3592 etc) The you're encrypting your offsite but your
> onsite is now getting better "Factoring" compression ratios.
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> Of
> lamont
> Sent: Wednesday, January 23, 2008 11:18 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: [ADSM-L] Data Deduplication
>
> Hi Curtis,
> Unfortunately, this was already the case when I came, client encryption
> is the only option and the tapes are needed to be sent to offsite.
> I think we need to consider this - enabling/disabling client encryption
> and see how - in the test case on the upcoming POC with a de-dupe
> vendor.
>
> Thanks.
>
>
> cpreston wrote:
> > The other posters are correct. You will get 1:1. Dedupe works by
> > finding patterns. There are no patterns in encrypted data.
> >
> > One question would be why would you do that? Most people are
> > encrypting data as it leaves their site. The best way to do that is
> > hardware encryption (tape drive or SAN-based). Do that on the other
> > side of your dedupe box and before it goes to tape -- not at the
> > client -- and you'll have no issues with dedupe.
> >
> > ---
> > W. Curtis Preston
> > Backup Blog @ www.backupcentral.com
> > VP Data Protection, GlassHouse Technologies
> >
> > -----Original Message-----
> > From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> > Of lamont
> > Sent: Wednesday, January 23, 2008 12:29 AM
> > To: ADSM-L AT VM.MARIST DOT EDU
> > Subject: [ADSM-L] Data Deduplication
> >
> > Hi,
> > What would likely be the de-dupe ratio if tsm clients do archive
> > processing daily (file level, no tdps) with encryption enabled?
> >
> > Thanks.
> >
> > +---------------------------------------------------------------------
> > +-
> > |This was sent by alancb AT gmail DOT com via Backup Central.
> > |Forward SPAM to abuse AT backupcentral DOT com.
> > +---------------------------------------------------------------------
> > +-
>
>
> +----------------------------------------------------------------------
> |This was sent by alancb AT gmail DOT com via Backup Central.
> |Forward SPAM to abuse AT backupcentral DOT com.
> +----------------------------------------------------------------------
>
>
> This e-mail, including attachments, may include confidential and/or
> proprietary information, and may be used only by the person or entity to
> which it is addressed. If the reader of this e-mail is not the intended
> recipient or his or her authorized agent, the reader is hereby notified
> that any dissemination, distribution or copying of this e-mail is
> prohibited. If you have received this e-mail in error, please notify the
> sender by replying to this message and delete this e-mail immediately.
>
|
