I removed the password for the "datazone pass phrase" and then attempted to
restore data from the backup that I had setup use of encryption for. The
restore failed saying that encrypted files could not be recovered.
I did not attempt to read the tape using dd as we have a windows environment
but this would be a good test to prove that another product/OS cannot read
these tapes wihtout the use of networker and the datazone pass phrase.
Thanks.
"Faidherbe, Thierry" <Thierry.Faidherbe AT HP DOT COM> wrote:
You can quicker do that test using file/advfile device,
media management will be more easier, SSID in advfile
is just like a file and not moving tape out of networker
control ...
I am also interrested with test results ;-)
HTH
TH
Kind regards - Bien cordialement - Vriendelijke groeten,
Thierry FAIDHERBE
HP Services - Storage Division
Tru64 Unix and Legato Enterprise Backup Solutions Consultant
********* ********* HEWLETT - PACKARD
******* h ******* - 1 Rue de l'aeronef/Luchtschipstraat
****** h ****** 1140 Bruxelles/Brussel/Brussels
***** hhhh pppp ***** - 102 Blv de la Woluwe/Woluwedal
***** h h p p ***** 1200 Bruxelles/Brussel/Brussels
***** h h pppp ***** -> HP moves as from 20 August 2007
****** p ****** Hermeslaan 1a - B-1831 Diegem
******* p ******* BELGIUM
********* *********
Phone : +32 (0)2 / 729.85.42
I N V E N T Mobile : +32 (0)498/ 94.60.85
Fax : +32 (0)2 / 729.88.30
Enterprise number 0402.220.594 Email/MSN : thierry.faidherbe(at)hp.com
RPM/RPR Brussels Internet : http://www.hp.com/
-----Original Message-----
From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On
Behalf Of Conrad Macina
Sent: vendredi 22 juin 2007 14:09
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] how to setup encryption
I'm no expert on this: I've never used NetWorker encryption and I've
never
even read the Admin Guide about it. But I have spoken informally with
EMC
people on the topic, and this is my understanding:
I believe the intent of NetWorker encryption is to encrypt the data on
the
tapes, not to implement restore security. In other words, it protects
you
from the "lost tape" problem, not from yourself. There's only one
password,
and it's at the server level. As long as your server has the right
password,
you can restore data transparently, even though the tapes are encrypted.
To test this, I would suggest turning off encryption and backing up some
data to tape. Then turn encryption on and back up the same data to a
different tape. Then, use a utility like "dd" in Unix to examine and
compare
the two tapes. I suspect the data on the first tape will be readily
readable
and the data on the second will be scrambled. You could also do this
with
pre- and post-encryption tapes, since it should be easy enough to
differentiate between clear and encrypted text.
If you do this, please let the list know.
Conrad Macina
Pfizer, Inc.
On Thu, 21 Jun 2007 17:13:30 +0100, mark wragge
wrote:
>I have unsucessfully attempted to implement encryption on backups. I
have
followed the instructions in the admin guide. I have created a directive
using:
> << / >>
> +aes: *
> I have configured the client to use the directive.
> I have edited the networker server properties and entered a password
in
the Datazone Pass Phrase field.
> Now that i have run a backup of the client i expect that i cannot
recover
using networker user without having to put in a password. I can recover
the
data without a request for the password.
> Does this mean that encryption has not worked?
>
> Send instant messages to your online friends
http://uk.messenger.yahoo.com
>
>To sign off this list, send email to listserv AT listserv.temple DOT edu and
type
"signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
>via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
>=======================================================================
==
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
Send instant messages to your online friends http://uk.messenger.yahoo.com
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
