Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Veritas-bu] Encrypting offsite tapes

2008-11-11 13:23:41
Subject: Re: [Veritas-bu] Encrypting offsite tapes
From: Travis Kelley <travis.kelley AT etrade DOT com>
To: Ed Wilts <ewilts AT ewilts DOT org>
Date: Tue, 11 Nov 2008 13:04:31 -0500 
Don't forget hardware based encryption using LTO-4 tape drives.
Netbackup 6.5.2 has key management functionality built in.  To activate
the hardware encryption on LTO4 using NB6.5.2 after you have created
keys you just write backups to a pool prefixed with ENCR_* for instance
ENCR_Offsite.  Using this you could decide based on which volume pool
data was written whether or not it would be encrypted.  Your normal
backups could be written to a normal pool and then when vault did the
duplication those images could be written to a hardware encrypted pool.

The same cost caveat applies here if you don't already have LTO4 as in
Ed's #3:)

Ed Wilts wrote:
> You have 3 separate options:
> 
> 1.  Client-based encryption.  Free with 6.5 (and you may be able to get
> free licenses for 6.0 if you're under maintenance).  Adds a load to each
> and every client.  From what I've heard, it's not pretty.
> 
> 2.  Media-server based encryption.  Puts the load on the media servers
> instead.
> 
> 3.  Encryption appliance.  Not cheap, but they encrypt at wire speed
> while writing to the tape drives.   Decru, now owned by NetApp, is the
> current market leader.  Brocade is also now partnering with NetApp to
> build the next generation - basically a Decru encryption appliance built
> into a 32-port Brocade switch.  Not even close to cheap :-)
> 
> We chose option 3 and have Decru appliances in front of all our tape
> drives.  Everything that's written to tape is automatically encrypted -
> we don't need to think about it.  NetBackup doesn't even know the data
> is encrypted and doesn't care.
> 
> http://www.netapp.com/us/products/storage-security-systems/
> 
> On Tue, Nov 11, 2008 at 11:32 AM, Rongsheng Fang <unixlifebox AT gmail DOT com
> <mailto:unixlifebox AT gmail DOT com>> wrote:
> 
>     We duplicate backup images from disks/tapes to tapes weekly using
>     NetBackup vault and send the tapes offsite. We have a new requirement
>     for encrypting all the tapes going offsite. I understand that
>     NetBackup can do the encryption while the backup is being done. My
>     question is: is it possible to encrypt the images during the vault
>     process (or the duplication process of the vault)? How do you
>     implement the encryption in your backup environments?
> 
>     Our environment: NetBackup Enterprise 6.0MP4 on Solaris 10
> 
>     Thanks,
> 
>     Rongsheng
> 
> 
>         .../Ed
> 
>     Ed Wilts, RHCE, BCFP, BCSD, SCSP, SCSE
>     ewilts AT ewilts DOT org <mailto:ewilts AT ewilts DOT org>
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Veritas-bu] Encrypting offsite tapes, judy_hinchcliffe
Next by Date:  Re: [Veritas-bu] Encrypting offsite tapes, Taylor, David (MARSYS)
Previous by Thread:  Re: [Veritas-bu] Encrypting offsite tapes, Taylor, David (MARSYS)
Next by Thread:  Re: [Veritas-bu] Encrypting offsite tapes, Rongsheng Fang
Indexes:  [Date] [Thread] [Top] [All Lists]