Re: [Networker] New libraries with LTO-4 & encryption
2008-07-24 14:00:22
Clark, Patti wrote:
Hi, all.
Some $$ have come our way and management made the decision that we are
going to LTO-4 and encryption. That being said, we've moved forward on
the research and pricing. Before we actually place the order I want to
see if anyone else has had [b]leading edge experience in this area that
might provide me with questions that I haven't thought to ask or
suggestions on how to handle some of the aspects that are new with the
technology. We've looked at appliances and have decided not to go that
way.
The current system is RHEL4, NWv7.3.3 (server and clients) with a mix of
RHEL, Solaris, OSX, and Win clients,
1 - SCSI attached library with 3 LTO-2 drives.
The new system will be RHEL4 or 5 (updated with new HBAs), NWv7.4.2 same
client mix
1 - FC attached library (Quantum i500) with 3 LTO-4 drives (IBM) - at
least 2 drives will have encryption enabled.
Just out of curiosity, how will you control what data gets encrypted and
what data doesn't? Seems you'd have to specify or hard code those
specific devices in the pools? Not sure how easy that would be to
manage. If you're encrypting on the NW end of things - I've heard it
supports encryption but not sure how strong it is - then I would think
you would have better control as far as which groups encrypt, etc. Seems
you could fine tune it better, but I've not played with NW 7.4 so not
sure about that. However, it's my understanding that if encryption is
turned on for a given drive then everything that goes to that drive will
be encrypted. In some cases, there might be certain data you might not
want encrypted??? Then again, maybe it's carte blanche on everything?
Because NW is already writing the data in proprietary format, it doesn't
seem so bad to have it encrypt it also. Otherwise, you have the data in
one format and the encryption in another. Two hurdles to clear there,
but again, I have no idea how similar or strong NW encryption is versus
the drive manufacturer's encryption. Not sure what standards the drive
encryption uses either?
I'm not really answering your questions, but your post just go me
thinking of more.
George
Software to perform encryption key management
I've kept track of the HBA discussions, IBM drive info, Networker
upgrade threads, and anything else related. I expect to upgrade
Networker and then the OS prior to the HW switch. Not much has been
said about encryption. Does it work as advertised? Is it fairly
seamless? Networker doesn't really see any difference and it's business
as usual? How about key management? Do I believe the sales materials?
Patti Clark
Sr. Unix System Administrator - RHCT, GSEC
Office of Scientific and Technical Information
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
--
George Sinclair
NOAA/NESDIS/National Oceanographic Data Center
SSMC3 E/OC3 Room 4145 | Voice: (301) 713-3284 x210
1315 East West Highway | Fax: (301) 713-3301
Silver Spring, MD 20910-3282 | Web Site: http://www.nodc.noaa.gov/
- Any opinions expressed in this message are NOT those of the US Govt. -
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|