Siobhan,
I'm completely not familar with those kind of encryption devices. how can we
use them?
is it something we put before the Tape drives? (between SAN and tape)
however I fear that this will be a costly solution. isn't there anything we can
do using software (freeware). can't we add a | crypt somewhere to the networker
stream?
Bart
-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]
On Behalf Of Siobhan Ellis
Sent: Tuesday, March 29, 2005 9:32 AM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] Encryption and password protection
Bart,
Legato looked at providing data encryption in NetWorker 7.x. However, due to
the performance impact of doing encryption at source (it reduced backup
throughput by as much as 60%, or more than doubled the time to do a backup), it
was seen as not such a good idea to do it in software. Legato decided to leave
this area to the professionals, such as NeoScale, Decru, and Digital
Information Systems.
All these companies do the encryption in hardware, and thus you get very low
latency with excellent encryption capabilities.
My personal favourite is/was Neoscale.
Siobhán Ellis
Senior Technology Consultant
Enstor
Level 10, 118 Alfred St
Milsons Point
NSW 2061
Australia
Mobile: +61 424 750 544
Phone: +61 2 9900 2100
Fax: +61 2 9900 2199
e-mail: siobhan.ellis AT enstor.com DOT au
>>> Bart.Jespers AT FUJITSU-SIEMENS DOT COM 29/03/2005 4:44:35 pm >>>
Hello All,
I have some questions about password protection and encryption with networker.
for a RFO we stated that networker can password protect and encrypt the data
flow. only afterwards we saw that apparently this is only possible on windows
and netware. The customer wants us to encrypt all data, also solaris and linux
clients
from the windows admin guide:
The password ASMs, available for Microsoft Windows and NetWare clients only,
are used to password-protect (pw1) or encrypt (pw2) data.
I have some questions about this
1) is it absolutely not possible to use those ASM's on linux and solaris
2) from the legato database I received a "solution" using a (unknown to
me) ASM : xlateasm. does this work? what does this do? below this email is more
info about it
3) can we encrypt or password protect data on an other way?
4) can we do compression and pasword protection (or encryption) in 1 directive.
so that the data of 1 client is encrypted and compressed.
Thanks
Bart
PS
Solution Information
Title:How to encrypt NetWorker client's backup data
ID:legato6254
Solution Statements
Here is the solution:
(Click Here To Go Back)
There is an ASM with NetWorker called xlateasm which can be added to client
side or server side directives.
Example:
<< / >>
+xlateasm: *
Would have the client encrypt all its data when sent to the server.
<< "C:\My Documents" >>
+xlateasm: *.*
Would have the My Documents folder on drive C: encrypted.
NOTE:
-----------
This option will slow restore procedures down on the Client side when the data
is decrypted before being written to the file system.
NOTE:
-----------
The encryption method used by xlateasm is not very sophisticated and
relies on the security of the encryption algorithm. Thus, we do not
publish what this algorithm is. No encryption key is required. However,
a hacker might well be able to figure out how to de-encrypt data either
by examining the executable code or by brute force. Therefore, we do not
recommend use of this method for any purpose other than to discourage
prying or eliminate the possibility of unintentional examination of
data.
(Click Here To Go Back)
Here is the problem or goal:
How to encrypt scheduled backups
Can scheduled backups be encrypted
Encryption for scheduled backups
Click here to see the problem environment.
__________________________________________________
Jespers Bart
IT Consultant LCNA
FSC Professional Services
Fujitsu<FONT COLOR="#000000" S
--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
|