Stan makes excellent points here. One option to consider is using network
devices to encrypt the data while it is 'in flight'. Thus, you don't bear the
key management and processing burden on your client, and the data arrives in a
compressible state at the tape device.
tl
Terry Lemons
Backup Platforms Group
EMC²
where information lives
4400 Computer Drive, MS D239
Westboro MA 01580
Phone: 508 898 7312
Email: Lemons_Terry AT emc DOT com
-----Original Message-----
From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On
Behalf Of Stan Horwitz
Sent: Thursday, July 31, 2008 1:51 PM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] backup data over the net
On Jul 31, 2008, at 1:09 PM, Teresa Biehler wrote:
> Ok, there has been lots of discussion lately about how to encrypt data
> that is written to tape. This brought up a question in my mind. What
> about all the backup data that is being sent over the network. Is
> this
> a secure transmission of the data? Is the data encrypted?
The answer depends on how you encrypt the data, or more importantly,
where you encrypt it. If you use NetWorker's built-in encryption
feature, the encryption happens on the client. The benefit there is
that the data is encrypted before it gets transmitted over the
network. Two disadvantages are: 1) the encryption happens on the
client so it consumes more processor cycles on the client and 2) no
key encryption management. If you encrypt the data using LTO-4 tape
drives, then the data remains unencrypted in transit, but there's no
hit on the clients. Either way, you lose the ability to compress the
data onto your backup media and recovers are going to be slower.
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|