Veritas-bu

[Veritas-bu] To ensure overwrites

2000-11-09 12:21:10
Subject: [Veritas-bu] To ensure overwrites
From: W. Curtis Preston curtis AT colltech DOT com
Date: Thu, 09 Nov 2000 09:21:10 -0800
At 10:29 AM 11/9/00 -0600, John_Wang AT enron DOT net wrote:


>Hello Curtis
>
>OK, relabeling sounds good even though I'm not sure if the degaussing concern
>applies to AIT tapes.    But since the tapes are in the library then ideally I
>would need to be able to:
>      1) take a specific drive offline so no backups will be using it
>      2) command the robot to put the specific tape in that specific drive
>      3) use bplabel with the -u or the -d specifier to label the tape in that
>drive
>      4) command the drive to eject the tape
>      5) command the robot to return the tape to it's slot
>      6) release the drive for use

Assuming that all you want to do is relabel the drive, you only have to 
tell NetBackup to bplabel it, specifying the appropriate pool, density, and 
name.  You do NOT need to put it in a drive, and tell it to use that 
drive.  If you've got an autoloader, then NetBackup will automatically put 
the tape in a drive for you.

>I guess I could set up seven pools and schedule each day's backup to a 
>separate
>pool such that by the time the given day of the week comes around, the tape
>would've expired but would the active tape expire before or after it gets
>appended to? (I guess either a retention level of 6 days must be set or 
>there's
>the possibility of a run being a minute before last weeks run and 
>allocating the
>active tape.

Ugh.  What a mess this weird requirement is imposing on you.  What you 
could do is suspend the tapes after a night's backups.  That way, the tapes 
will not get appended to the next day.  Then you could relabel them.

The others are right. Relabeling is only minimal protection against a 
hacker.  Someone who REALLY knew what they were doing could get past your 
label.  But then they would encounter a multiplexed image from NetBackup 
that they would need to decipher.  I'd like to see someone read a 
multiplexed image from NetBackup w/o NetBackup.  Sure -- it's 
possible.  NetBackup does it when they import tapes.  The chances of a 
hacker having the knowledge to pull it off?  Pretty small, IMHO.  (If it's 
that important, you could also encrypt the data going to the tape.)




<Prev in Thread] Current Thread [Next in Thread>