Re: Encrypting backups DP7.01 (340 Views)
Reply
Frequent Advisor
Tripoint HPUX Admin
Posts: 51
Registered: ‎10-31-1999
Message 1 of 7 (392 Views)

Encrypting backups DP7.01

Hey Guys,

 

Looking through the documents i can't seem to see a "How to" guide on implementing encrypting backups.

 

As i understand there are 2 methods of encryption.  Drive-based encryption which is hardware based and encrypts the backup straight to tape but requires LTO4 or LTO5.  This is not applicable to us as we unfortunately still use LTO2 drives.

 

So the only option is Software encryption.  As i understand you can encrypt the connection between the Client and the Cell server AND you can encrypt the data before it's written to disk.  Do both options require licencing?

 

Also where do i set the encryptrion?  Within the Client properties i can see Encrypted control communication which when ticked shows the certifcate chain etc and you can turn that on.  I assume this is the encrypting the connection between the client and the cell manager.  With this enabled does this only encrypt the data being transfered to the cell manager but it's decrypted and written to tape unencrypted?  Or is it encrypted onto tape as well?

 > other 

There's also the option within the backup specification under options > filesystem options > advanced > other > data security - here you can select none, 256AES, encode.  Is this option the software encryption to tape?

 

Any help is appreciated

Trusted Contributor
ranjithpk
Posts: 123
Registered: ‎07-10-2011
Message 2 of 7 (381 Views)

Re: Encrypting backups DP7.01

Yes its software encryption.

"

Option value: AES 256-bit

Select this option to enable software encryption to protect your data. Data is encrypted before it is transferred over the network and before it is written to media."

Regards,
Ranjith
Frequent Advisor
Tripoint HPUX Admin
Posts: 51
Registered: ‎10-31-1999
Message 3 of 7 (379 Views)

Re: Encrypting backups DP7.01

and this requires a licence per client?

 

encryption extension (BB618AA or BB618BA)

Honored Contributor
danielbraun
Posts: 752
Registered: ‎07-07-2010
Message 4 of 7 (375 Views)

Re: Encrypting backups DP7.01

Hi,

 

yes it requires a license per client you want to have the encryption for. Please keep in mind that communication at all (the control commands) do not need the encryption license, it can be enabled as a feature. Only when backed up data needs to be encryptes as well you have to order this license.

 

Best regards

Daniel

-----------
Please assign Kudos - How to assign...
Trusted Contributor
jruffer
Posts: 184
Registered: ‎06-28-2011
Message 5 of 7 (366 Views)

Re: Encrypting backups DP7.01

I think that the encryption will prevent the hardware compression in the tape drive from working.  You might want to consider enabling software compression to combat this.

 

Jeremy

Frequent Advisor
Tripoint HPUX Admin
Posts: 51
Registered: ‎10-31-1999
Message 6 of 7 (347 Views)

Re: Encrypting backups DP7.01

so what is the licence required for?

 

encrypting the communication channel between client and cell? or encrypting data to tape using the software?

Honored Contributor
Shishir Misra
Posts: 435
Registered: ‎12-19-2004
Message 7 of 7 (340 Views)

Re: Encrypting backups DP7.01

Hi.

   The licence is needed for the source encryption of data that is to be sent to a Media Agent. As has already been mentioned by others, encrypting communication channels (ECC) does not need the licence.

Regards,

Shishir

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.