Networker

Re: [Networker] What's EMC/NetWorker's answer to Symantec's NetBackup encryption on the backup server

2006-12-13 17:56:06
Subject: Re: [Networker] What's EMC/NetWorker's answer to Symantec's NetBackup encryption on the backup server
From: Tim Mooney <Tim.Mooney AT NDSU DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 13 Dec 2006 16:53:24 -0600
In regard to: [Networker] What's EMC/NetWorker's answer to Symantec's...:

What's EMC's answer to this?

Symantec puts encryption on the backup server, 12/12/06
Symantec Tuesday announced a new encryption feature for its flagship
NetBackup backup and recovery software that takes the CPU-intensive load
off of application servers and places the burden onto the backup server.

Someone in marketing at Symantec probably thinks that's a great idea,
while we all know it's potentially a horrible idea.  "Burden", is,
however, a fantastic word choice for their press release, so I commend
them on getting that right.

NetWorker has for years had support for doing encryption over the wire.
It was extremely weak and almost no one used it.  I've even heard EMC
employees describe it as "a joke".  My opinion is that it was added just
so EMC could have it on a checklist and say they had that feature.

NetWorker 7.3 replaced that encryption support with much better encryption
support.  It's my understanding that they also added support for
encrypting to tape, which is probably more important to most enterprises.
Curtis Preston, who seems to have resurfaced on this list, has a great
shtick about Brown (i.e. UPS) handling tapes.

We're not using 7.3 here in any capacity beyond minimal testing, so I
can't comment on how well it works, or if it requires an additional
enabler (wouldn't surprise me, quite honestly).

I think it's really good that NetWorker 7.3 has that encryption support,
for sites that have modest needs for backup encryption.  If you deal with
a lot of sensitive data, you probably want to look at doing it in hardware,
rather than at the backup server OS level.

There have been discussions in the past about hardware devices that can be
inserted in the I/O path between the backup host and the tape devices, and
work as a black box for encrypting and unencrypting data.  They've been
very positively reviewed on this list and in conversations I've had at
conferences.  Search the archives for more info about those.

Tim
--
Tim Mooney                                           Tim.Mooney AT ndsu DOT edu
Information Technology Services                      (701) 231-1076 (Voice)
Room 242-J6, IACC Building                           (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER