on 02-09-2011 09:25 PM
Backup Exec provides the ability to encrypt data, which helps us in protecting data from unauthorized access. Backup Exec provide the Software Encryption, but it also supports some devices that provide Hardware Encryption with the T10 standard.
Backup Exec supports two security levels of encryption: 128-bit Advanced Encryption Standard (AES) and 256-bit Advanced Encryption Standard. For 128-bit AES pass phrase must be atleast 8 characters, whereas 256-bit AES pass phrase must be atleast 16 characters. The 256-bit AES encryption provides a stronger level of security because the key is longer for 256-bit AES than for 128-bit AES. However, 128-bit AES encryption enables backup jobs to process more quickly.
When you install Backup Exec, the installation program installs the necessary encryption software on the media server and on remote computers that use the Remote Agent. Backup Exec can encrypt data at a computer that uses the Remote Agent, and then transfer the encrypted data to the media server. Backup Exec then writes the encrypted data on a set-by-set basis to tape or to a backup-to-disk folder.
Software compression can be used along with the encryption option. First BE compresses the files, and then encrypts them. However, backup jobs take longer to complete when you use both encryption and software compression.
Configuration:
I followed the first method in the video.
To create an encryption key
Common: Any user of this installation of Backup Exec can use the key to back up and restore data.
Restricted: Anyone can use the key to back up data, but only the key owner or a user who knows the pass phrase can use the key to restore the encrypted data.
Selecting An Encryption Key For A Backup Job:
Hope this article helps...
Regards...
hi,
Thanks for the useful information
Its useful kiran..i will implement this one to my environment...
Thanks a lot..
Sounds great... Any idea what the backupspeed is on LTO4 hardware?
For LTo4 max is 120mb/s
Can we create backup job using password protection ??
And after creating the encryption key the compression rate goes down ??
After researching - I found the below given Steps...
You can protect the backup data by giving a password. Do the following to
achieve the same.
1.Open backup exec
2.Select the data to be backed up or edit the job definition
3.Click on devices and media tab
4.Select "Password protect media" option and give the password.
5.Run the job.
When a password-protected media is taken to another location, such as
another media server, the password is required to catalog the tape.\
There is no direct way to prevent a user from restoring the backed up tapes
on the media server.
However, you can delete the existing catalog from the server. In this way, catalog should be run before restore. As the tapes were password protected, password will be required for cataloging the tapes.
1. Create a backup job by specifying password in the "Password protect media", as mentioned in the earlier mail
2. Go to Devices tab > double click the media shown in the upper right pane and compare the Media ID shown with the file name present in the \program files\Veritas\Backup Exec\Catalogs folder. This file is related with the catalog of the tape.
You can delete this file after stopping all Backup Exec services. After deleting this file the backed up data will not be listed in the Restore selections. When the restore is required, you need to run catalog with password specified in the catalog job. Otherwise, the catalog will not run.
Please note that there is no way to restore the data from the tapes without the password, when the tapes are password protected.