Networker

Re: [Networker] Encryption and password protection

2005-03-30 02:19:58
Subject: Re: [Networker] Encryption and password protection
From: Siobhan Ellis <Siobhan.Ellis AT ENSTOR DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 30 Mar 2005 17:14:10 +1000
Bart,
 
It sits in the data path. So in an FC environment there is an HBA in and an
HBA out. In a SCSI environment, SCSI in and SCSI out.

No, it isn't cheap, but not too expensive either. Question is, can the
customer afford the major degradation in backup times, plus the extra memory
and CPU it sucks - that all has a cost too.
 
Contact NeoScale (www.neoscale.com) who are in Milpitas California
Decru (www.decru.com) in the USA
Digital Information Systems in the UK (their product is called Paranoia)
 
Legato has customers already using all 3 solutions.
 
No, there is no software solution to the problem.
 
 
Siobhán Ellis
Senior Technology Consultant
Enstor
Level 10, 118 Alfred St
Milsons Point
NSW 2061
Australia
 
Mobile: +61 424 750 544
Phone: +61 2 9900 2100
Fax: +61 2 9900 2199
e-mail: siobhan.ellis AT enstor.com DOT au

>>> <Bart.Jespers AT fujitsu-siemens DOT com> 30/03/2005 4:55 pm >>>

Siobhan,

I'm completely not familiar with those kinds of encryption devices. How can
we use them?

Is it something we put before the tape drives? (between SAN and tape)

However, I fear that this will be a costly solution. Isn't there anything we
can do using software (freeware)? Can't we add a | crypt somewhere to the
NetWorker stream?

Bart 

-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On Behalf Of Siobhan Ellis
Sent: Tuesday, March 29, 2005 9:32 AM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] Encryption and password protection

Bart,

Legato looked at providing data encryption in NetWorker 7.x. However, due
to the performance impact of doing encryption at source (it reduced backup
throughput by as much as 60%, or more than doubled the time to do a backup),
it was seen as not such a good idea to do it in software. Legato decided to
leave this area to the professionals, such as NeoScale, Decru, and Digital
Information Systems.

All these companies do the encryption in hardware, and thus you get very
low latency with excellent encryption capabilities. 

My personal favourite is/was Neoscale.



Siobhán Ellis

>>> Bart.Jespers AT FUJITSU-SIEMENS DOT COM 29/03/2005 4:44:35 pm >>>

Hello All, 

I have some questions about password protection and encryption with
NetWorker. For an RFO we stated that NetWorker can password protect and
encrypt the data flow. Only afterwards we saw that apparently this is only
possible on Windows and NetWare. The customer wants us to encrypt all data,
also Solaris and Linux clients.

From the Windows admin guide:
The password ASMs, available for Microsoft Windows and NetWare clients
only, are used to password-protect (pw1) or encrypt (pw2) data.

I have some questions about this:

1) Is it absolutely not possible to use those ASMs on Linux and Solaris?

2) From the Legato database I received a "solution" using an (unknown to
me) ASM: xlateasm. Does this work? What does this do? Below this email is
more info about it.

3) Can we encrypt or password protect data in another way?
4) Can we do compression and password protection (or encryption) in 1
directive, so that the data of 1 client is encrypted and compressed?

Thanks 

Bart 

PS 

Solution Information 

Title: How to encrypt NetWorker client's backup data
ID: legato6254
Solution Statements 


Here is the solution:  

There is an ASM with NetWorker called xlateasm which can be added to client
side or server side directives. 


Example: 

<< / >> 
+xlateasm: *

Would have the client encrypt all its data when sent to the server. 

<< "C:\My Documents" >> 
+xlateasm: *.*

Would have the My Documents folder on drive C: encrypted. 

NOTE: 
-----------
This option will slow restore procedures down on the Client side when the
data is decrypted before being written to the file system.


NOTE: 
----------- 
The encryption method used by xlateasm is not very sophisticated and
relies on the security of the encryption algorithm. Thus, we do not
publish what this algorithm is. No encryption key is required. However,
a hacker might well be able to figure out how to de-encrypt data either
by examining the executable code or by brute force. Therefore, we do not
recommend use of this method for any purpose other than to discourage
prying or eliminate the possibility of unintentional examination of
data. 

  

Here is the problem or goal: 
How to encrypt scheduled backups 
  
Can scheduled backups be encrypted 
  
Encryption for scheduled backups 
  




        __________________________________________________ 
        Jespers Bart 
        IT Consultant LCNA 
        FSC Professional Services 

        Fujitsu


--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
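
Added example (not part of the original thread or of Legato's documentation): a small audit of directive text in the format quoted in the knowledge-base entry above, flagging paths that rely on the keyless xlateasm and password ASMs on clients where the quoted admin guide says they are unavailable. The function names, the sample directives and the `+pw2: *` line are constructed assumptions.

```python
import re

# ASM names come from the thread: xlateasm needs no key (per the KB note);
# pw1/pw2 are described there as Windows and NetWare only.
KEYLESS_ASMS = {"xlateasm"}
PASSWORD_ASMS = {"pw1", "pw2"}
PASSWORD_ASM_PLATFORMS = {"windows", "netware"}

PATH_RE = re.compile(r'^<<\s*(?:"([^"]+)"|(\S+?))\s*>>$')
ASM_RE = re.compile(r'^\+?(\w+)\s*:\s*(.+)$')

# Constructed sample: the first two stanzas mirror the KB examples,
# the third (+pw2) is an assumed line added for illustration.
SAMPLE = r'''
<< / >>
+xlateasm: *

<< "C:\My Documents" >>
+xlateasm: *.*

<< /export/home >>
+pw2: *
'''

def parse_directives(text):
    """Return (path, asm, pattern) for every ASM line under a << path >> header."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = PATH_RE.match(line)
        if header:
            path = header.group(1) or header.group(2)
            continue
        asm = ASM_RE.match(line)
        if asm and path is not None:
            entries.append((path, asm.group(1).lower(), asm.group(2).strip()))
    return entries

def audit(text, client_os):
    """Flag ASM lines that are keyless or unavailable on this client OS."""
    findings = []
    for path, asm, pattern in parse_directives(text):
        if asm in KEYLESS_ASMS:
            findings.append((path, asm, "keyless obfuscation only"))
        elif asm in PASSWORD_ASMS and client_os.lower() not in PASSWORD_ASM_PLATFORMS:
            findings.append((path, asm, "not available on " + client_os))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "solaris"):
        print(finding)
```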



Attachment: Siobhan Ellis.vcf
Description: Text document
