Hi All,
Here is a brief synopsis of the requirement that I have been given by my
customer.
Our customer is a SaaS provider and provides software to their customers over
the internet. Each customer has their own virtual servers in the environment
but share physical servers with multiple customers. What they are looking for
is a method where we can backup all of the data in the virtual systems and have
encryption keys for each end customer, then if a customer ends their contract
then all we need to do is to destory the encryption keys and we can't recover
their data.
All of the physical servers run Solaris 10 and the virtual servers are Solaris
10 zones or Linux Zones. One physical server can host up to 120 zones from
multiple customers. Currently we use Legato Networker as the backup solution
and backup the physical server which covers all of the zones as well.
What I would like to discuss is whether the Decru/Netapp DataFort-FC Series and
NeoScale CryptoStor could be used to provide us with the encryption control
that we are looking for for the end customers.
The below example may give you more clarity about our requirement.
Example:
client1: /zones/app-abc-prd
client1: /zones/app-xyz-prd
client1: /zones/app-abc-dev
client1: /zones/app-xyz-dev
client2: /zones/oracle-abc-prd
client2: /zones/oracle-xyz-prd
client2: /zones/oracle-abc-dev
client2: /zones/oracle-xyz-dev
In the above list of filesystems on two backup clients, all the abc filesystems
are belong to our ABC customer and xyz filesystems are belong to our XYZ
customer. Here, I would like to configure 2 static key policy based on the
filesystem name (abc|xyz) on encryption device and want to encrypt using the
same 2 different static keys for the same end customer irrespective of the
backup clients always. i.e., ABC's key for all the abc filesystems and XYZ's
key for all the xyz filesystems.
What we are looking for is a method to have encryption keys for each end
customer, then if a customer ends their contract then all we need to do is to
destory the encryption keys so that the data cannot be recovered.
Is it possible to have policy based static key in Decru/Netapp DataFort-FC
Series or NeoScale CryptoStor and which product you would recommend?
It would be a great help if you shed some light on this.
Thanks,
Ram
+----------------------------------------------------------------------
|This was sent by ramkriz AT gmail DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|