Re: [Veritas-bu] Ssh style encryption of data transfer from client to se

Subject:	Re: [Veritas-bu] Ssh style encryption of data transfer from client to server
From:	David Magda <dmagda AT ee.ryerson DOT ca>
To:	Andrew Stueve <Andrew.Stueve AT neovera DOT com>
Date:	Tue, 10 Jan 2012 18:43:35 -0500

On Jan 10, 2012, at 17:53, Andrew Stueve wrote:

> On Fri, January 6, 2012 10:31, Rosie Cleary wrote:
> 
>> I ran a test recently and found that Netbackup transfers data from the 
>> backup client to the server in clear text. I would prefer to secure the 
>> network traffic without encrypting the resulting backup, do you know of any 
>> options to do this?
> 
> Enable the Netbackup Encryption option?

The keywords are "without encrypting the resulting backup".

Encrypting at the client means that you lose dedupe and tape compression 
capabilities. Using the Media Server Encryption Option (MSEO) doesn't help in 
the client-server traffic (and you lose dedupe/compression again).

I replied (accidentally offlist) to the enquiry by suggesting IPsec (or any 
type of VPN-like solution really). Over the wire is ciphertext, but it's all 
cleartext to the NetBackup server after the kernel is done decrypting it.

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

<Prev in Thread]	Current Thread	[Next in Thread>
[Veritas-bu] Ssh style encryption of data transfer from client to server, Rosie Cleary Re: [Veritas-bu] Ssh style encryption of data transfer from client to server, Andrew Stueve Re: [Veritas-bu] Ssh style encryption of data transfer from client to server, David Magda <=

Re: [Veritas-bu] Ssh style encryption of data transfer from client to server