Networker

Re: [Networker] What's EMC/NetWorker's answer to Symantec's NetBackup encryption on the backup server

2006-12-13 15:14:21
Subject: Re: [Networker] What's EMC/NetWorker's answer to Symantec's NetBackup encryption on the backup server
From: Albert Eddie Contractor AFRPA CIO/IT <Eddie.Albert AT AFRPA.PENTAGON.AF DOT MIL>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 13 Dec 2006 14:58:59 -0500
First of all, I agree 100% that VirusScan duties should not be on the
Backup Server but should be on the server you are backing it up from.

As someone who has designed anti-virus/security plans it is infinitely
easier to do this on a per server basis (exclude certain files for
Oracle, SQL, Exchange, etc) vs trying to do this for ONE backup server.
The data needs to be CLEAN when it is sent to the backup server.

Now off-loading encryption to the backup server... Does that make sense?

Depends on how you set up your archive & backup operations. It further
depends on the encryption requirements of where the data resides. If you
are required to encrypt data at a field office, there is no sense
passing the data in the clear and then re-encrypting on the backup
server side.

What we need in the Archive/Backup arena is what everyone in the IT
world needs. Forget CPU speed (with rare occasions our CPUs stay under
20% utilization 24/7/365). Forget memory; how many people have a PC, let
alone a server, that is at 80% of memory capacity for any length of time?
No one I know...

Our bottleneck is I/O speeds...

Forget the CPU, forget the memory, give me some I/O hardware designed by
the people who brought us the $100+k Ford GT, the Ferraris, or any
number of exotics. These people understand that it is worth $10k-$20k to
save one tick on the stopwatch. Give me unadulterated SPEED at the I/O
and most of our woes will handle themselves...

By Eddie Albert

Eddie Albert has been a contributing editor to Ahoy Magazine.
You will find most of Mr. Albert's stories in the circular file.
All names and trademarks are the property of their owners.
All opinions expressed or implied are those of Mr. Albert and therefore
FOR RENT!

Semper Fidelis et Paratus! /ALE

Eddie Albert, Archiving Deity
Enterprise Network Engineer
(703) 696-5509

P.S. YES I am still looking for a job. NO I have no intention of
applying at the Comedy Club or CNET.

> -----Original Message-----
> From: EMC NetWorker discussion 
> [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On Behalf Of Preston de Guise
> Sent: Wednesday, December 13, 2006 2:18 PM
> To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
> Subject: Re: [Networker] What's EMC/NetWorker's answer to 
> Symantec's NetBackup encryption on the backup server
> 
> Hi John,
> 
> > What's EMC's answer to this?
> > 
> > Symantec puts encryption on the backup server, 12/12/06 Symantec
> > Tuesday announced a new encryption feature for its flagship NetBackup
> > backup and recovery software that takes the CPU-intensive load off of
> > application servers and places the burden onto the backup server.
> 
> The thought of increasing the burden on a backup server by an 
> order of magnitude or two by adding software based encryption 
> to its role isn't necessarily an attractive one to a lot of users.
> 
> Yes, CPU and RAM are cheap these days, but there's not a 
> limitless amount.
> I'd suggest compared to hardware encryption this offers 
> little effective benefit to many of the businesses that are 
> in a situation where from a compliance perspective they need 
> some form of encryption; i.e., those businesses will 
> typically also have a large amount of clients. Doing software 
> based encryption on a modern server for 10 incoming data 
> streams might not be too bad. Doing it for 100, or 500 is 
> going to seriously hamper the backup performance. It's for 
> the same reason most companies look towards disabling virus 
> scanning on incoming data streams to the backup server, etc.
> 
> Cheers,
> 
> Preston.
> 
> 
> --
> http://enterprise.backup.googlepages.com
> 
> To sign off this list, send email to 
> listserv AT listserv.temple DOT edu and type "signoff networker" in 
> the body of the email. Please write to 
> networker-request AT listserv.temple DOT edu if you have any 
> problems with this list. You can access the archives at 
> http://listserv.temple.edu/archives/networker.html or via RSS 
> at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
> 
