Anuj_Kr
Level 4
10 years ago

Encryption option on Appliance 5230

Hi,

I am running a POC with an Appliance 5230 installed as Master/Media with MSDP.

I enabled encryption on the appliance: Main_Menu> Settings> Deduplication> Tune Encryption Enable.

Now, how do I ensure that the images on the pool are encrypted, and how do I test that it is secured with an unauthorized restore to a distinct server/location?

 

I do see some files created under /disk/databases/catalog/number/client_host_name/policy_name/client-host-name_backup-timestamp_C1_F1.img

Should I also have keys stored somewhere?

  • OK here come the fun times. 

    First. 

    Get to a root prompt on the appliance. Since you have already said that the dbutil is not located where it is supposed to be I assume you know how to get there. 

    Next run /usr/openv/pdde/pdcr/bin/dcscan -a -h. This command will give you all the container headers, which contain the container number:

    *** Header for container 64 ***

    Now run /usr/openv/pdde/pdcr/bin/dcscan --so-data-format <Container number>  and look for something like:

    data format    : [Blowfish Encrypted archive 256bit key LZO Compressed 8-byte input vector Streamable, v2, window size 143360 bytes]

    If you just turned on encryption, none of the previous images will be encrypted. Only backups since encryption was enabled will be encrypted, so you may need to iterate through all of the containers until you find the proper image.

    Using dbutil would have made this easier but it appears to be the best I can come up with.  

  • The images are encrypted "at rest", in other words on disk. If you restore them via NetBackup they will be unencrypted and the data will be available. What you need to ensure is no unauthorized access to the NetBackup system. You can achieve that with NetBackup Access Control.
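
The container-by-container check described in the first reply, as an added example that is not part of the original thread and not NetBackup's own tooling: it parses saved text output of the two dcscan commands and reports, per container, whether every "data format" line says Encrypted. The sample text is constructed; the unencrypted "data format" line and the one-line-per-segment layout are assumptions, and only the header line and the Blowfish line come from the thread.

```python
import re

# Line shapes quoted in the thread: "*** Header for container 64 ***" and
# "data format    : [Blowfish Encrypted archive ...]".
HEADER_RE = re.compile(r"\*\*\* Header for container (\d+) \*\*\*")
FORMAT_RE = re.compile(r"^\s*data format\s*:\s*\[(.*?)\]\s*$", re.MULTILINE)


def container_ids(header_output):
    """Container numbers found in the header listing, in order, without repeats."""
    ids = []
    for match in HEADER_RE.finditer(header_output):
        cid = int(match.group(1))
        if cid not in ids:
            ids.append(cid)
    return ids


def classify(format_output):
    """Classify one container's --so-data-format output.

    'unknown' is returned when no "data format" line is present, so an
    empty or failed scan is never counted as encrypted.
    """
    formats = FORMAT_RE.findall(format_output)
    if not formats:
        return "unknown"
    encrypted = [bool(re.search(r"\bEncrypted\b", f)) for f in formats]
    if all(encrypted):
        return "encrypted"
    return "mixed" if any(encrypted) else "plaintext"


def audit(header_output, format_outputs):
    """Map each listed container number to its classification."""
    return {cid: classify(format_outputs.get(cid, ""))
            for cid in container_ids(header_output)}


# --- Constructed sample input (not real appliance output) ---
ENC = ("data format    : [Blowfish Encrypted archive 256bit key LZO Compressed "
       "8-byte input vector Streamable, v2, window size 143360 bytes]")
# Assumed shape of a pre-encryption segment; the thread does not show one.
PLAIN = "data format    : [LZO Compressed Streamable, v2, window size 143360 bytes]"
SAMPLE_HEADERS = "\n".join(f"*** Header for container {n} ***" for n in (63, 64, 65, 66))
SAMPLE_FORMATS = {63: f"{PLAIN}\n{PLAIN}", 64: f"{ENC}\n{ENC}", 65: f"{PLAIN}\n{ENC}"}

if __name__ == "__main__":
    for cid, status in audit(SAMPLE_HEADERS, SAMPLE_FORMATS).items():
        print(f"container {cid}: {status}")
```

Containers written before encryption was enabled show up as plaintext, and a container that straddles the change shows up as mixed.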