[Networker] LTO4 Hardware Encryption -- proposal

2009-11-24 11:38:46
Subject: [Networker] LTO4 Hardware Encryption -- proposal
From: Francis Swasey <Frank.Swasey AT UVM DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 24 Nov 2009 11:35:07 -0500

I recently laid out for EMC what I would like to see NetWorker provide for LTO4 Hardware Encryption and Key Management.

I am interested if what I have told EMC is what others think NetWorker should provide or if you have other ideas about the LTO4 Hardware Encryption. If you would rather not publicly state your agreement/disagreement with the following -- you may respond to me privately.

Here's what I told EMC:

1) That there needs to be an option in the media pool definition to specify that volumes in this pool must have LTO4 Encryption enabled. Whether that is set by a check box in the media pool property panes of NMC or is (like NetBackup does) flagged by naming the pool to begin with "ENCR" -- I don't care.

2) That the NetWorker server needs to create a new key for a volume every time the volume is labeled.

3) That the NetWorker server needs to keep track of which key was used for which volume.

4) That however the NetWorker server maintains the key/volume pairing, it has to be securely included in the bootstrap so that mmrecov can get it back in a disaster situation. And I have to know a secret pass-phrase that was NOT in the bootstrap to decrypt the key/volume table and run a command to put it back into NetWorker.

--
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
 "I am not young enough to know everything." - Oscar Wilde (1854-1900)
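
The following sketch is an added example, not part of the original message and not NetWorker code. It illustrates points 2 through 4 of the proposal: a fresh key per label operation, a key/volume table, and a pass-phrase-protected export suitable for carrying in a bootstrap. All names (`VolumeKeyTable`, `export_for_bootstrap`, `import_from_bootstrap`, the `keytable-v1` label) are hypothetical, and it assumes the third-party Python `cryptography` package is installed.

```python
import hashlib
import json
import secrets

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

AAD = b"keytable-v1"  # constructed format label, bound into the authentication tag


class VolumeKeyTable:
    """Hypothetical key/volume table: volume name -> 256-bit key."""

    def __init__(self, entries=None):
        self.entries = dict(entries or {})

    def label(self, volume):
        # Point 2: every (re)label gets a new random key; the old one is replaced.
        self.entries[volume] = secrets.token_bytes(32)
        return self.entries[volume]


def _kek(passphrase, salt):
    # The key-encrypting key exists only while the pass-phrase is supplied;
    # neither it nor the pass-phrase is written into the exported blob.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def export_for_bootstrap(table, passphrase):
    """Point 4: encrypt the whole table; output is salt | nonce | ciphertext+tag."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(12)
    plain = json.dumps({v: k.hex() for v, k in table.entries.items()}).encode()
    return salt + nonce + AESGCM(_kek(passphrase, salt)).encrypt(nonce, plain, AAD)


def import_from_bootstrap(blob, passphrase):
    """Disaster-recovery side: fails closed on a wrong pass-phrase or altered blob."""
    salt, nonce, ct = blob[:16], blob[16:28], blob[28:]
    try:
        plain = AESGCM(_kek(passphrase, salt)).decrypt(nonce, ct, AAD)
    except InvalidTag:
        raise ValueError("wrong pass-phrase or damaged key table") from None
    return VolumeKeyTable({v: bytes.fromhex(k) for v, k in json.loads(plain).items()})


if __name__ == "__main__":
    table = VolumeKeyTable()
    for vol in ("ENCR001", "ENCR002"):  # constructed volume names
        table.label(vol)
    blob = export_for_bootstrap(table, "constructed pass-phrase")
    restored = import_from_bootstrap(blob, "constructed pass-phrase")
    print("restored volumes:", sorted(restored.entries))
```
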
