Networker
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Networker] Question on Legato backup with encryption

2010-12-20 14:07:39
Subject: [Networker] Question on Legato backup with encryption
From: ramkriz <networker-forum AT BACKUPCENTRAL DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Mon, 20 Dec 2010 14:06:54 -0500 
Hi All,

Here is a brief synopsis of the requirement that I have been given by my 
customer.

Our customer is a SaaS provider and provides software to their customers over 
the internet. Each customer has their own virtual servers in the environment 
but share physical servers with multiple customers. What they are looking for 
is a method where we can backup all of the data in the virtual systems and have 
encryption keys for each end customer, then if a customer ends their contract 
then all we need to do is to destory the encryption keys and we can't recover 
their data.

All of the physical servers run Solaris 10 and the virtual servers are Solaris 
10 zones or Linux Zones. One physical server can host up to 120 zones from 
multiple customers. Currently we use Legato Networker as the backup solution 
and backup the physical server which covers all of the zones as well.

What I would like to discuss is whether the Decru/Netapp DataFort-FC Series and 
NeoScale CryptoStor could be used to provide us with the encryption control 
that we are looking for for the end customers.

The below example may give you more clarity about our requirement.

Example:

client1: /zones/app-abc-prd
client1: /zones/app-xyz-prd
client1: /zones/app-abc-dev
client1: /zones/app-xyz-dev

client2: /zones/oracle-abc-prd
client2: /zones/oracle-xyz-prd
client2: /zones/oracle-abc-dev
client2: /zones/oracle-xyz-dev

In the above list of filesystems on two backup clients, all the abc filesystems 
are belong to our ABC customer and xyz filesystems are belong to our XYZ 
customer. Here,  I would like to configure 2 static key policy based on the 
filesystem name (abc|xyz) on encryption device and want to encrypt using the 
same 2 different static keys for the same end customer irrespective of the 
backup clients always. i.e., ABC's key for all the abc filesystems and XYZ's 
key for all the xyz filesystems.

What we are looking for is a method to have encryption keys for each end 
customer, then if a customer ends their contract then all we need to do is to 
destory the encryption keys so that the data cannot be recovered.

Is it possible to have policy based static key in Decru/Netapp DataFort-FC 
Series or NeoScale CryptoStor and which product you would recommend?

It would be a great help if you shed some light on this.

Thanks,
Ram

+----------------------------------------------------------------------
|This was sent by ramkriz AT gmail DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Networker] Question on Legato backup with encryption, ramkriz <=
Previous by Date:  [Networker] How to restore a particular month backup from Tape-EMC netwo, ramkriz
Next by Date:  Re: [Networker] view the content in backup tape, Steven Veitch
Previous by Thread:  [Networker] Client Errors on Solaris after migration., japgar
Next by Thread:  [Networker] Cant see failure details in networker 7.4 sp2, markybhoy
Indexes:  [Date] [Thread] [Top] [All Lists]