[Networker] LTO4 Hardware Encryption -- proposal
2009-11-24 11:38:46
I recently laid out for EMC what I would like to see NetWorker provide
for LTO4 Hardware Encryption and Key Management.
I am interested if what I have told EMC is what others think NetWorker
should provide or if you have other ideas about the LTO4 Hardware
Encryption. If you would rather not publicly state your agreement/disagreement
with the following -- you may respond to me privately.
Here's what I told EMC:
1) That there needs to be an option in the media pool definition to
specify that volumes in this pool must have LTO4 Encryption enabled.
Whether that is set by a check box in the media pool property panes of
NMC or is (like NetBackup does) flagged by naming the pool to begin with
"ENCR" -- I don't care.
2) That the NetWorker server needs to create a new key for a volume
every time the volume is labeled.
3) That the NetWorker server needs to keep track of which key was used
for which volume.
4) That however the NetWorker server maintains the key/volume pairing,
it has to be securely included in the bootstrap so that mmrecov can get
it back in a disaster situation. And I have to know a secret
pass-phrase that was NOT in the bootstrap to decrypt the key/volume
table and run a command to put it back into NetWorker.
--
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)
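
A sketch of points 2 through 4 above, added here as an example; it is not part of the original post and not NetWorker code. The function names, the volume names and the blob layout are assumptions, and the HMAC-SHA256 counter-mode keystream is a stand-in for an authenticated cipher such as AES-GCM, used only because the Python standard library has no AES.

```python
import hashlib, hmac, json, secrets

def label_volume(table, volume):
    """Points 2 and 3: a fresh 256-bit key on every label, recorded per volume."""
    table[volume] = secrets.token_bytes(32).hex()  # relabeling replaces the old key
    return table[volume]

def _derive(passphrase, salt):
    # Passphrase -> 64 bytes: 32 for the keystream, 32 for the integrity tag.
    k = hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return k[:32], k[32:]

def _keystream(key, nonce, length):
    # Stand-in cipher (assumption): HMAC-SHA256 run in counter mode.
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:length]

def seal_table(table, passphrase):
    """Point 4: the blob that would ride in the bootstrap; the passphrase is not in it."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive(passphrase, salt)
    plain = json.dumps(table, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct  # hypothetical layout: salt | nonce | tag | ciphertext

def open_table(blob, passphrase):
    """Recovery step: fails closed on a wrong passphrase or an altered blob."""
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted key table")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(plain)

if __name__ == "__main__":
    table = {}
    for vol in ("ENCR001", "ENCR002"):  # constructed volume names
        label_volume(table, vol)
    blob = seal_table(table, "constructed passphrase, kept outside the bootstrap")
    print(len(blob), "byte sealed table for volumes", sorted(table))
```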