Re: Encrypting backups DP7.01 (208 Views)
Reply
Frequent Advisor
Tripoint HPUX Admin
Posts: 51
Registered: ‎10-31-1999
Message 1 of 7 (260 Views)

Encrypting backups DP7.01

Hey Guys,

 

Looking through the documents i can't seem to see a "How to" guide on implementing encrypting backups.

 

As i understand there are 2 methods of encryption.  Drive-based encryption which is hardware based and encrypts the backup straight to tape but requires LTO4 or LTO5.  This is not applicable to us as we unfortunately still use LTO2 drives.

 

So the only option is Software encryption.  As i understand you can encrypt the connection between the Client and the Cell server AND you can encrypt the data before it's written to disk.  Do both options require licencing?

 

Also where do i set the encryptrion?  Within the Client properties i can see Encrypted control communication which when ticked shows the certifcate chain etc and you can turn that on.  I assume this is the encrypting the connection between the client and the cell manager.  With this enabled does this only encrypt the data being transfered to the cell manager but it's decrypted and written to tape unencrypted?  Or is it encrypted onto tape as well?

 > other 

There's also the option within the backup specification under options > filesystem options > advanced > other > data security - here you can select none, 256AES, encode.  Is this option the software encryption to tape?

 

Any help is appreciated

Please use plain text.
Valued Contributor
ranjithpk
Posts: 102
Registered: ‎07-10-2011
Message 2 of 7 (249 Views)

Re: Encrypting backups DP7.01

Yes its software encryption.

"

Option value: AES 256-bit

Select this option to enable software encryption to protect your data. Data is encrypted before it is transferred over the network and before it is written to media."

Regards,
Ranjith
Please use plain text.
Frequent Advisor
Tripoint HPUX Admin
Posts: 51
Registered: ‎10-31-1999
Message 3 of 7 (247 Views)

Re: Encrypting backups DP7.01

and this requires a licence per client?

 

encryption extension (BB618AA or BB618BA)

Please use plain text.
Honored Contributor
danielbraun
Posts: 682
Registered: ‎07-07-2010
Message 4 of 7 (243 Views)

Re: Encrypting backups DP7.01

Hi,

 

yes it requires a license per client you want to have the encryption for. Please keep in mind that communication at all (the control commands) do not need the encryption license, it can be enabled as a feature. Only when backed up data needs to be encryptes as well you have to order this license.

 

Best regards

Daniel

-----------
Please assign Kudos - How to assign...
Please use plain text.
Valued Contributor
jruffer
Posts: 168
Registered: ‎06-28-2011
Message 5 of 7 (234 Views)

Re: Encrypting backups DP7.01

I think that the encryption will prevent the hardware compression in the tape drive from working.  You might want to consider enabling software compression to combat this.

 

Jeremy

Please use plain text.
Frequent Advisor
Tripoint HPUX Admin
Posts: 51
Registered: ‎10-31-1999
Message 6 of 7 (215 Views)

Re: Encrypting backups DP7.01

so what is the licence required for?

 

encrypting the communication channel between client and cell? or encrypting data to tape using the software?

Please use plain text.
Honored Contributor
Shishir Misra
Posts: 432
Registered: ‎12-19-2004
Message 7 of 7 (208 Views)

Re: Encrypting backups DP7.01

Hi.

   The licence is needed for the source encryption of data that is to be sent to a Media Agent. As has already been mentioned by others, encrypting communication channels (ECC) does not need the licence.

Regards,

Shishir

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation