Networker

Re: [Networker] how to setup encryption

2007-06-22 08:12:29
Subject: Re: [Networker] how to setup encryption
From: Conrad Macina <conrad.macina AT PFIZER DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Fri, 22 Jun 2007 08:09:17 -0400
I'm no expert on this: I've never used NetWorker encryption and I've never
even read the Admin Guide about it. But I have spoken informally with EMC
people on the topic, and this is my understanding:

I believe the intent of NetWorker encryption is to encrypt the data on the
tapes, not to implement restore security. In other words, it protects you
from the "lost tape" problem, not from yourself. There's only one password,
and it's at the server level. As long as your server has the right password,
you can restore data transparently, even though the tapes are encrypted.

To test this, I would suggest turning off encryption and backing up some
data to tape. Then turn encryption on and back up the same data to a
different tape. Then, use a utility like "dd" in Unix to examine and compare
the two tapes. I suspect the data on the first tape will be readily readable
and the data on the second will be scrambled. You could also do this with
pre- and post-encryption tapes, since it should be easy enough to
differentiate between clear and encrypted text.

If you do this, please let the list know.

Conrad Macina
Pfizer, Inc.





On Thu, 21 Jun 2007 17:13:30 +0100, mark wragge <mark_t_wragge AT YAHOO DOT IE> wrote:

>I have unsuccessfully attempted to implement encryption on backups. I have
>followed the instructions in the admin guide. I have created a directive using:
>  << / >>
>  +aes: *
>  I have configured the client to use the directive.
>  I have edited the networker server properties and entered a password in
>the Datazone Pass Phrase field.
>  Now that I have run a backup of the client I expect that I cannot recover
>using networker user without having to put in a password. I can recover the
>data without a request for the password.
>  Does this mean that encryption has not worked?

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
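
The tape comparison suggested in the reply above can be scored rather than eyeballed. The following is an added example, not part of the original messages or any EMC tooling: it assumes each tape was first copied to a file with dd and that a canary string (the constructed `MARKER`) was written into the backed-up test file; the function names and the 7.5 bits/byte threshold are illustrative choices.

```python
import io, math, os, sys
from collections import Counter

MARKER = b"NSR-ENC-TEST-MARKER-7f3a"  # constructed canary placed in the test file

def shannon_entropy(data):
    """Bits per byte: near 8.0 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def analyze_dump(stream, chunk_size=64 * 1024, marker=MARKER):
    """Scan a raw dump; return (canary_hits, mean_entropy_per_chunk)."""
    hits, entropy_sum, chunks, tail = 0, 0.0, 0, b""
    keep = len(marker) - 1  # overlap so a canary split across reads is found
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        hits += window.count(marker)
        tail = window[-keep:] if keep else b""
        entropy_sum += shannon_entropy(chunk)
        chunks += 1
    return hits, (entropy_sum / chunks if chunks else 0.0)

def verdict(hits, mean_entropy, threshold=7.5):
    if hits:
        return "cleartext"     # canary readable: this tape is not encrypted
    if mean_entropy >= threshold:
        return "opaque"        # encrypted, or compressed: test with compression off
    return "inconclusive"      # no canary, low entropy: wrong tape or save set?

def demo():
    """Constructed stand-ins for the two dumps (not real NetWorker output)."""
    clear = (b"payroll record 0001, plain ASCII text\n" * 2000 + MARKER) * 3
    scrambled = os.urandom(len(clear))  # random bytes standing in for AES output
    return tuple(verdict(*analyze_dump(io.BytesIO(d))) for d in (clear, scrambled))

if __name__ == "__main__":
    if len(sys.argv) > 1:      # e.g. files produced by dd from each tape
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                hits, ent = analyze_dump(fh)
            print(f"{path}: {verdict(hits, ent)} (hits={hits}, entropy={ent:.2f})")
    else:
        print(demo())
```

A "cleartext" verdict on the tape written after the directive was applied means the canary is still readable on the media, which is a more direct answer than whether a recover prompts for a password.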
