Networker

Re: [Networker] how to setup encryption

2007-06-22 09:44:14
Subject: Re: [Networker] how to setup encryption
From: "Faidherbe, Thierry" <Thierry.Faidherbe AT HP DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Fri, 22 Jun 2007 13:39:23 -0000
You can quicker do that test using file/advfile device,
media management will be more easier, SSID in advfile 
is just like a file and not moving tape out of networker
control ...

I am also interrested with test results ;-)

HTH

TH 



Kind regards - Bien cordialement - Vriendelijke groeten,

Thierry FAIDHERBE

HP Services - Storage Division
Tru64 Unix and Legato Enterprise Backup Solutions Consultant
                                  
 *********       *********   HEWLETT - PACKARD
 *******    h      *******   -  1 Rue de l'aeronef/Luchtschipstraat
 ******    h        ******      1140 Bruxelles/Brussel/Brussels
 *****    hhhh  pppp *****   -  102 Blv de la Woluwe/Woluwedal
 *****   h  h  p  p  *****      1200 Bruxelles/Brussel/Brussels
 *****  h  h  pppp   *****   -> HP moves as from 20 August 2007
 ******      p      ******      Hermeslaan 1a - B-1831 Diegem
 *******    p      *******      BELGIUM                          
 *********       *********      
                                      Phone :    +32 (0)2  / 729.85.42
      I  N  V  E  N  T          Mobile :   +32 (0)498/  94.60.85  
                                Fax :      +32 (0)2  / 729.88.30
Enterprise number 0402.220.594  Email/MSN : thierry.faidherbe(at)hp.com

     RPM/RPR Brussels           Internet  : http://www.hp.com/

-----Original Message-----
From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On
Behalf Of Conrad Macina
Sent: vendredi 22 juin 2007 14:09
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] how to setup encryption

I'm no expert on this: I've never used NetWorker encryption and I've
never
even read the Admin Guide about it. But I have spoken informally with
EMC
people on the topic, and this is my understanding:

I believe the intent of NetWorker encryption is to encrypt the data on
the
tapes, not to implement restore security. In other words, it protects
you
from the "lost tape" problem, not from yourself. There's only one
password,
and it's at the server level. As long as your server has the right
password,
you can restore data transparently, even though the tapes are encrypted.

To test this, I would suggest turning off encryption and backing up some
data to tape. Then turn encryption on and back up the same data to a
different tape. Then, use a utility like "dd" in Unix to examine and
compare
the two tapes. I suspect the data on the first tape will be readily
readable
and the data on the second will be scrambled. You could also do this
with
pre- and post-encryption tapes, since it should be easy enough to
differentiate between clear and encrypted text.

If you do this, please let the list know.

Conrad Macina
Pfizer, Inc.





On Thu, 21 Jun 2007 17:13:30 +0100, mark wragge <mark_t_wragge AT YAHOO DOT IE>
wrote:

>I have unsucessfully attempted to implement encryption on backups. I
have
followed the instructions in the admin guide. I have created a directive
using:
>  << / >>
>  +aes: *
>  I have configured the client to use the directive.
>  I have edited the networker server properties and entered a password
in
the Datazone Pass Phrase field.
>  Now that i have run a backup of the client i expect that i cannot
recover
using networker user without having to put in a password. I can recover
the
data without a request for the password.
>  Does this mean that encryption has not worked?
>
> Send instant messages to your online friends
http://uk.messenger.yahoo.com
>
>To sign off this list, send email to listserv AT listserv.temple DOT edu and
type
"signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
>via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
>=======================================================================
==

To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

<Prev in Thread] Current Thread [Next in Thread>