cancel
Showing results for 
Search instead for 
Did you mean: 
Kiran_Bandi
Level 6
Partner Accredited

Backup Exec provides the ability to encrypt data, which helps us in protecting data from unauthorized access. Backup Exec provide the Software Encryption, but it also supports some devices that provide Hardware Encryption with the T10 standard.

Backup Exec supports two security levels of encryption: 128-bit Advanced Encryption Standard (AES) and 256-bit Advanced Encryption Standard. For 128-bit AES pass phrase must be atleast  8 characters, whereas 256-bit AES pass phrase must be atleast 16 characters. The 256-bit AES encryption provides a stronger level of security because the key is longer for 256-bit AES than for 128-bit AES. However, 128-bit AES encryption enables backup jobs to process more quickly.

When you install Backup Exec, the installation program installs the necessary encryption software on the media server and on remote computers that use the Remote Agent. Backup Exec can encrypt data at a computer that uses the Remote Agent, and then transfer the encrypted data to the media server. Backup Exec then writes the encrypted data on a set-by-set basis to tape or to a backup-to-disk folder.

Software compression can be used along with the encryption option. First BE compresses the files, and then encrypts them. However, backup jobs take longer to complete when you use both encryption and software compression.

Configuration:

  1. Create an encryption key; use it with the backup job.
  2. Create an encryption key while creating the backup job.
  3. Create / use an encryption key along with a backup set template or duplicate backup job template.

I followed the first method in the video.

To create an encryption key

  1.  On the Tools menu, click Encryption Keys.
  2.  Click New.
  3.  Type the name for the Key.
  4.  Select the type of Encryption
  5.  Provide the pass phrase.
  6.  Confirm pass phrase.
  7.  Select the type of key. (Common / Restricted).
  8.  Click OK

Common: Any user of this installation of Backup Exec can use the key to back up and restore data.

Restricted: Anyone can use the key to back up data, but only the key owner or a user who knows the pass phrase can use the key to restore the encrypted data.

Selecting An Encryption Key For A Backup Job:

  1.  On the navigation bar, click the arrow next to Backup.
  2.  Click New Backup Job.
  3.  Select the data that you want to back up.
  4.  On the Properties pane, under Settings, click Network and Security.
  5.  In the Encryption type field, select the type of encryption you want to use.
  6.  In the Encryption Key field, select the name of the key to be used for encryption.
  7.  Process the backup job as normal.

Hope this article helps...

Regards...

Comments
Sreejith_P_G
Level 2

hi,

Thanks for the useful information

Muthuk
Not applicable

Its useful kiran..i will implement this one to my environment...

Thanks a lot..

rendersr
Level 5
Partner Accredited

Sounds great... Any idea what the backupspeed is on LTO4 hardware?

V4
Level 6
Partner Accredited

For LTo4 max is 120mb/s

vickyj
Level 4
Employee

Can we create backup job using password protection ??

And after creating the encryption key the compression rate goes down ??

After researching - I found the below given Steps...

You can protect the backup data by giving a password. Do the following to
achieve the same.
1.Open backup exec
2.Select the data to be backed up or edit the job definition
3.Click on devices and media tab
4.Select "Password protect media" option and give the password.
5.Run the job.

When a password-protected media is taken to another location, such as
another media server, the password is required to catalog the tape.\

There is no direct way to prevent a user from restoring the backed up tapes
on the media server.

However, you can delete the existing catalog from the server. In this way, catalog should be run before restore. As the tapes were password protected, password will be required for cataloging the tapes.

1. Create a backup job by specifying password in the "Password protect media", as mentioned in the earlier mail

2. Go to Devices tab > double click the media shown in the upper right pane and compare the Media ID shown with the file name present in the \program files\Veritas\Backup Exec\Catalogs folder. This file is related with the catalog of the tape.

You can delete this file after stopping all Backup Exec services. After deleting this file the backed up data will not be listed in the Restore selections. When the restore is required, you need to run catalog with password specified in the catalog job. Otherwise, the catalog will not run.

Please note that there is no way to restore the data from the tapes without the password, when the tapes are password protected.

Version history
Last update:
‎02-09-2011 09:25 PM
Updated by: