Networker
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Networker] Networker 7.4 and tape library encryption

2008-10-01 21:57:07
Subject: Re: [Networker] Networker 7.4 and tape library encryption
From: Stan Horwitz <stan AT TEMPLE DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 1 Oct 2008 21:51:16 -0400 
On 10/1/08 7:33 PM, "Long Nguyen" <lnguyen AT CALPOLY DOT EDU> wrote:

> Dear Networker gurus,
> 
> We are in the process of  research for data protection via encryption in
> Network 7.4,
> Perhaps you can help to answer these questions:
> 
> 1. Does Networker support data encryption? tape encryption? If so how do we
> turn it on?

Yes, but there's no key management to speak of. The NetWorker
Administrator's Guide does a good job of explaining how to set up encryption
so I encourage you to read it.

> 2. Does Oracle RMAN backup will compatible with encryption?

I don't know, but probably. If you're using Oracle you would be better off
using Oracle's build-in encryption tools. Check with Oracle's tech support
people about that. If I am not mistaken, Oracle has a lot of information
about encryption on its web site, so check there as well.

> 3. Does the Encrypts occur before deduplication?

That's presumably up to you, but I suspect you will lose a lot of benefits
from deduplication if you encrypt your data. I can't say for sure though
because we don't encrypt here, nor do we do any deduplication ... yet. I am
sure others on this list will have some insight in that question though.

> 4. Does encryption get more CPU overheard, if so where (client or server)?

It incurs more overhead on the computer that does the encryption. If you do
encryption on the client, then the processor overhead there will increase.
If you do it on the server, then the processor overhead on the server will
increase. Note that NetWorker's built-in ASE encryption does it on the
client, so that's where the performance hit will occur.

> 5. Does  Data size increases with encryption?

Absolutely. How much of an increase depends on how you encrypt.

> 6.  What happens to encrypted data if we move to new backup software?

That also depends on how you encrypt. If you use NetWorker to encrypt, I am
going to make a reasonable guess that you would need NetWorker to decrypt
the data if you need to recover it. Then again, you would need NetWorker to
recover the data even if you didn't encrypt your data with NetWorker.

> 7.  Will backup time increase with encryption turn on

You bet it does, but the increase may be modest. It depends on the amount of
how you encrypt, what you encrypt, where you encrypt, etc.

Encryption is a wonderful idea, but it comes with many costs and the risk
that if you lose your encryption key, your encrypted backups are useless. A
better approach to encryption is to avoid getting into a situation where
your backup media leaves your employer's possession, such as by doing disk
replication over a VLAN between a primary site and a secondary site. Even
better is to encrypt the data before it ever hits your primary storage, but
that's an issue you would need to raise with your DBA and applications
specialists.

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Networker] Networker 7.4 and tape library encryption, Long Nguyen
Next by Date:  [Networker] New to this... please read..., Stevie1970
Previous by Thread:  [Networker] Networker 7.4 and tape library encryption, Long Nguyen
Next by Thread:  [Networker] Networker 7.4 and tape library encryption, goony
Indexes:  [Date] [Thread] [Top] [All Lists]