Re: [Veritas-bu] Encrypting offsite tapes
2008-11-11 13:23:41
Don't forget hardware based encryption using LTO-4 tape drives.
Netbackup 6.5.2 has key management functionality built in. To activate
the hardware encryption on LTO4 using NB6.5.2 after you have created
keys you just write backups to a pool prefixed with ENCR_* for instance
ENCR_Offsite. Using this you could decide based on which volume pool
data was written whether or not it would be encrypted. Your normal
backups could be written to a normal pool and then when vault did the
duplication those images could be written to a hardware encrypted pool.
The same cost caveat applies here if you don't already have LTO4 as in
Ed's #3:)
Ed Wilts wrote:
> You have 3 separate options:
>
> 1. Client-based encryption. Free with 6.5 (and you may be able to get
> free licenses for 6.0 if you're under maintenance). Adds a load to each
> and every client. From what I've heard, it's not pretty.
>
> 2. Media-server based encryption. Puts the load on the media servers
> instead.
>
> 3. Encryption appliance. Not cheap, but they encrypt at wire speed
> while writing to the tape drives. Decru, now owned by NetApp, is the
> current market leader. Brocade is also now partnering with NetApp to
> build the next generation - basically a Decru encryption appliance built
> into a 32-port Brocade switch. Not even close to cheap :-)
>
> We chose option 3 and have Decru appliances in front of all our tape
> drives. Everything that's written to tape is automatically encrypted -
> we don't need to think about it. NetBackup doesn't even know the data
> is encrypted and doesn't care.
>
> http://www.netapp.com/us/products/storage-security-systems/
>
> On Tue, Nov 11, 2008 at 11:32 AM, Rongsheng Fang <unixlifebox AT gmail DOT com
> <mailto:unixlifebox AT gmail DOT com>> wrote:
>
> We duplicate backup images from disks/tapes to tapes weekly using
> NetBackup vault and send the tapes offsite. We have a new requirement
> for encrypting all the tapes going offsite. I understand that
> NetBackup can do the encryption while the backup is being done. My
> question is: is it possible to encrypt the images during the vault
> process (or the duplication process of the vault)? How do you
> implement the encryption in your backup environments?
>
> Our environment: NetBackup Enterprise 6.0MP4 on Solaris 10
>
> Thanks,
>
> Rongsheng
>
>
> .../Ed
>
> Ed Wilts, RHCE, BCFP, BCSD, SCSP, SCSE
> ewilts AT ewilts DOT org <mailto:ewilts AT ewilts DOT org>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|