Re: [Veritas-bu] Sun/StorageTek based LTO4 encryption

Again, that is why I went with KMS, (kms is NOT MESO) it is application
managed encryption that tells the tape drive to do the encryption NOT
the media server, kms just has the keys on the master server and NB
talks to the tape drive with the keys.  Again so the tape drive does the
encryption with no over head on the media server.  I have not seen an
any impact on my master or media server when I started using KMS.

-----Original Message-----
From: Shekel Tal [mailto:Tal.Shekel AT uk.fujitsu DOT com] 
Sent: Tuesday, March 02, 2010 9:26 AM
To: Judy Hinchcliffe; jpiszcz AT lucidpixels DOT com
Cc: kc.on.the.job AT gmail DOT com; veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] Sun/StorageTek based LTO4 encryption

>From the research I have done on the CPU requirements:

It takes roughly 73 clock cycles on a Windows or Linux server or about
87 clock cycles on UNIX server to perform MSEO compression/encryption
per BYTE of data backed up. Backing up 100 MB/sec of data through a
Solaris media server requires 8.7 GHz of CPU processing for MSEO alone,
plus whatever processing is needed for other tasks. To move 200 MB/sec
through the media server would require 17.4 GHz of CPU for MSEO.

So it's a very cpu intensive process. You would probably require a large
multicore process system depending on your throughput requirements

Regards,
Tal

-----Original Message-----
From: judy_hinchcliffe AT administaff DOT com
[mailto:judy_hinchcliffe AT administaff DOT com] 
Sent: 02 March 2010 15:20
To: jpiszcz AT lucidpixels DOT com; Shekel Tal
Cc: kc.on.the.job AT gmail DOT com; veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] Sun/StorageTek based LTO4 encryption

Thanks why I went for kms (tape drive encryption) no overhead on the
media server or the clients

-----Original Message-----
From: Justin Piszcz [mailto:jpiszcz AT lucidpixels DOT com] 
Sent: Tuesday, March 02, 2010 8:57 AM
To: Shekel Tal
Cc: Judy Hinchcliffe; kc.on.the.job AT gmail DOT com;
veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] Sun/StorageTek based LTO4 encryption

Hi,

I have read others' reviews on MSEO-- from what I understand it will peg

the CPU and reduce throughput dramatically to high-speed drives.

Has anyone not seen that?

Justin.

On Tue, 2 Mar 2010, Shekel Tal wrote:

> Okay, thanks for the information.
>
> I have also been looking at NetBackup Media Server Encryption.
> It looks quite neat, compresses before encryption and has very nice
key
> management which is a big tick in the box for me.
>
> The only caveat is that is software based and has fairly heavy host
CPU
> requirement.
>
> Regards,
> Tal
>
>
> -----Original Message-----
> From: judy_hinchcliffe AT administaff DOT com
> [mailto:judy_hinchcliffe AT administaff DOT com]
> Sent: 02 March 2010 14:42
> To: Shekel Tal; jpiszcz AT lucidpixels DOT com; kc.on.the.job AT gmail DOT com
> Cc: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: RE: [Veritas-bu] Sun/StorageTek based LTO4 encryption
>
> I am now using kms, and because the tape drive does the compression
and
> the tape drive does the encryption, I have not noticed any loss in
> compression yet ( only have had it running for about 1 week) that was
> something I was also concerned about.  You have to compress before you
> encrypt, and as far as I could find out the tape drive knows that.
>
>
> -----Original Message-----
> From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
> [mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Shekel
> Tal
> Sent: Tuesday, March 02, 2010 7:39 AM
> To: Justin Piszcz; Kevin C
> Cc: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: Re: [Veritas-bu] Sun/StorageTek based LTO4 encryption
>
> I have also been looking at this as an option.
> One of the considerations is the effect encryption has on compression.
>
> I have heard you loose the ability to compress effectively when using
> compression.
>
> Have you noticed an effect on your tape drive compression when using
> tape drive based encryption?
>
> Regards,
> Tal
>
> -----Original Message-----
> From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
> [mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Justin
> Piszcz
> Sent: 01 March 2010 21:26
> To: Kevin C
> Cc: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: Re: [Veritas-bu] Sun/StorageTek based LTO4 encryption
>
>
>
> On Mon, 1 Mar 2010, Kevin C wrote:
>
>> Sorry if this topic is been discussed before.
>>
>> Looking for members who have implemented LTO4 based encryption on
>> Sun/StorageTek/Oracle platforms, any useful
> comments/journeys/guidance. We
>> are on HP LTO4 drives with SL500/SL3000 libraries. From what I
> understand,
>> this pretty much limits us to the StorageTek Crypto Key Management
> System w/
>> KMA appliances at each library site. The other option, today, is
> NetBackup's
>> KMS software.
>>
>> Thank you.
>>
>
> I have using the IBM LTO-4 drives with STK libraries, works great, as
> long
> the firmware is version 7BG2, I have seen the drive reset itself if
the
> firmware is any other version (more recent ones).  Also using NBU &
KMS.
> It works good, note you can only have 2 volume pools that use
> encryption.
>
> Justin.
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>
>




_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu