Veritas-bu

[Veritas-bu] MSEO queries for new Solaris install

2009-07-22 12:10:00
Subject: [Veritas-bu] MSEO queries for new Solaris install
From: Dave Markham <dave.markham AT fjserv DOT net>
To: "veritas-bu AT mailman.eng.auburn DOT edu" <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Wed, 22 Jul 2009 17:06:36 +0100
Guys, I'm upgrading existing backup infrastructure by introducing a new 
server and upgrading NBU to 6.5.4 on Solaris.

I've then got to install and configure MSEO 6.1 so we can encrypt some 
database backups.

I've been reading through all the PDFs and it's just a bit of a minefield.

Are there any simplistic steps anywhere anyone has done to install? I'm 
hoping I don't need to change much from defaults, but all documentation 
points towards security server, pem server, pem client etc.
I've basically got one master/media server combined where I need to 
install this on. I can't see mentioned anywhere in the docs how it is 
done on a single machine. I have seen standalone config mentioned for 
the pem and security server though.

Anyway, can someone explain or help me understand the following:

1. From what I gather there is a master access file with a clear text 
password in it. I'm not entirely sure what this is for, but I'd assume 
it's critical that it not be put on a non-encrypted backup anywhere?

2. RSA keys are used to encrypt and decrypt the AES keys which are 
dynamically created to encrypt data blocks. Is this right? We have the 
requirement to restore a backup taken at one site on another site, so I 
was hoping to create a separate key for each site and then import the 
production key into the DR site MSEO system so that tapes written on 
production could be read and restored. Is this understanding correct? I 
don't want to overwrite the existing default keys each time but am not 
sure if the default key will be used to write backups.

3. I have multiple backup jobs writing to the same tape pools and not 
all these jobs need encrypting. From what I see the encryption is done 
by adding <MSEO> tags into the keyword section of the policy. Do I need 
to put these keywords in ALL policies but simply omit the KeyType bit 
but leave in Compress=xxx if I want other policies to compress but not 
encrypt? Or do I leave the keyword section blank? If I leave it blank, does 
compression still work, as I gather the /dev/rmt/0cbn links are changed 
by the MSEO virtual device paths?

4. Is there a list of these variables for netbackup.keyword anywhere? 
From what I gather the default xml file produced contains attributes 
that will have the netbackup.keyword.<variable> in them. The word 
'netbackup.keyword' is not then referenced elsewhere and only the 
<variable> bit is referenced in the policy keyword section. This 
confuses me a little as I see other built-in variables in the docs, e.g. 
netbackup.policy, netbackup.pool, but don't then know how to reference 
them or if I need to.

Has anyone a basic example they could post me at all of configuration?


Sorry this is long, I'm just venting because it's all a bit mental and as 
always deadlines mean it needs doing asap.

Any pointers would be great.

Cheers