Hey, did you realize Neoscale went bankrupt and folded
a few months ago to my dismay. Rather disappoionting
if you ask me.
Check it out, Cipher has them now. (you may have
already known this I guess.
http://www.byteandswitch.com/document.asp?doc_id=141025&WT.svl=news1_2
Happy New Year! Hope you had a great holiday!
-Steve
--- Siobhán Ellis <siobhanellis AT HOTMAIL DOT COM> wrote:
> As always, the secret of encryption is key
> management. In my opinion the
> only solutions out there are Decru or Neoscale. My
> personal favourite is
> neoscale.
>
> NetWorker encryption, just like any backup product,
> is a tick item only.
>
> So, what should you look for in key management for
> backups?
>
> Well the devices should be application aware. I know
> Neoscale is, and I
> believe Decru is as well. This means you could, if
> you wish, selectively
> perform encryption on some tapes and not on others.
>
> Key management should be able to separate the roles
> of administrator and
> security officer (not possible with NetWorker)
>
> Key management should provide "clustering", so
> multiple devices can share
> the same keys if you choose
>
> Key management should enable you to say something
> like "If I loose my keys,
> I have 5 security officers. Any 3 can come together
> and recreate the keys"
>
> Key management should provide a failover capability
> so that a device at a
> remote site would have the same keys as a local one
> (DR)
>
> Encryption should enable you to compress then
> encrypt (NetWorker can't)
>
> Hope that helps
>
> Siobhan
>
>
> On 11/1/08 2:08 PM, "Stan Horwitz" <stan AT TEMPLE DOT EDU>
> wrote:
>
> > On Jan 10, 2008, at 9:38 PM, David Magda wrote:
> >
> >> On Jan 10, 2008, at 16:35, lemons_terry AT emc DOT com
> wrote:
> >>
> >>> All of these require a supporting environment to
> provide key
> >>> management, drive configuration, etc. For the
> TS1120 and T10000A
> >>> at least, this adds tens of thousands of dollars
> to the cost of the
> >>> drive itself, in my experience.
> >>
> >> I'm probably missing something, but why can't
> Networker do the key
> >> management?
> >>
> >> I would think that the logical way to implement
> encryption for these
> >> tape drives to have a SCSI command where you send
> a key and say
> >> "enable encryption". The back up software would
> then keep the key in
> >> its database and tie it to the back up session.
> >
> > Do you propose that some Joe NetWorker
> administrator have access to
> > his or her organization's security keys? I for one
> would not want to
> > have that level of responsibility. The person who
> holds the keys
> > should be in the data security group, not the
> backup group. I have
> > experimented with NetWorker 7.4's encryption
> feature last summer. As
> > soon as I got it working, my boss asked me never
> to use it again,
> > which is what I was hoping would happen. What
> would happen if the only
> > person who knows what the encryption key is gets
> struck by lightning
> > after having just changed the key in NetWorker?
> Without the key that
> > was used when an encrypted backup is done,
> recovering that data would
> > be impossible.
> >
> >> Then, when you want to restore or clone,
> Networker (or whatever)
> >> would look up the file's save set, get the key,
> send it to the
> >> drive, and tell it to decrypt the data as it
> comes off the media.
> >>
> >> Does anyone know of any documents or white papers
> that describes the
> >> architecture of this?
> >
> > Google is your friend. My favorite way to do
> encryption is
> > http://www.ingrian.com
> > but there are also other options.
> >
> > To sign off this list, send email to
> listserv AT listserv.temple DOT edu and type
> > "signoff networker" in the body of the email.
> Please write to
> > networker-request AT listserv.temple DOT edu if you have
> any problems with this list.
> > You can access the archives at
> > http://listserv.temple.edu/archives/networker.html
> or
> > via RSS at
>
http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
> >
>
>
> Siobhán
>
> To sign off this list, send email to
> listserv AT listserv.temple DOT edu and type "signoff
> networker" in the body of the email. Please write to
> networker-request AT listserv.temple DOT edu if you have
> any problems with this list. You can access the
> archives at
> http://listserv.temple.edu/archives/networker.html
> or
> via RSS at
>
http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
>
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|