12-05-2011 12:11 PM
We are using Backup Exec 2010 R2 V13.0.
We have setup B2D, B2T and then B2T2T jobs via policies. Bascially, backing up to disk and then to tape twice from the to disk version. Second set of tapes is for off-site storage.
This has been running well for some time and we are overly pretty happy. The auditor wants us to encyrpt the data on the tapes. So, now we face the challenge of a reconfiguration of our policies for each job.
Our current policies are setup as follows:
The B2D job uses hardware compression and no encryption.
Both B2T jobs use hardware compression and no encryption.
From readings Symantec recommends using software compression and software encryption. Is this correct?
I can turn on software encryption and software compression for the B2D job.
In the 2 B2T jobs, we are not offered the capability of software compression, only none and hardware.
If I create new backup jobs disk or to tape, I can select software compression and software encryption. When using a policy, I can not see any option for software compression.
Is there anyway to establish sofware encryption on backup to tape jobs that are part of a policy or are these other recommendations?
Solved! Go to Solution.
12-05-2011 05:23 PM
For your B2T jobs, you should not enable both compression and encryption since your B2D job have already done both.
12-05-2011 12:40 PM
While editing a policy or rather a policy template, you can specify encryption under Network & Security backup options...
generally, would not recommend mixing compression with encryption, but if you still need to compress & encrypt, then stick to software compression with software encryption
12-05-2011 01:18 PM
Sorry, must not have explained our problems clearly.
In the policy,
1) On the B2D job, we can select software compression and software encryption. So that would be good.
2) On both the B2D jobs, we can select software encryption, but the compresion options are limited to "None" and "Hardware - if available, otherwise none". Why can't we see the option for software encryption in the "Advanced" tab in the B2T jobs within the policies?
Thanks for any guidance
12-05-2011 02:07 PM
Usually, compression/encryption options would not be available for the duplicate template if they have already been enabled in the primary backup job template...
So are these duplicate job templates ?
12-05-2011 05:23 PM
For your B2T jobs, you should not enable both compression and encryption since your B2D job have already done both.
12-05-2011 05:50 PM
OK, so I can turn off compression and encryption for the both B2T jobs. Thanks for this info. I won't be able to see the results until next Monday.
But I do have a question still. Will the data on both backup tapes then be encrypted? That is the advice / recommendation of the auditor and what we are attempting to achieve.
Thanks so much
12-05-2011 05:58 PM
You have already encrypted the data to disk and your B2T is just a copy of the disk data.
12-05-2011 06:04 PM
Very good.
I'll try a test job with a policy tomorrow night and then update this thread on Wednesday. Thanks for the help.
12-06-2011 06:18 AM
So I was able to run a test job last night, using the templates.
I set compression and encryption on the B2D job to software and the job ran fine and the results show that encryption was set to software.
I set compression and encyrption on the B2T jobs to none (both) and the job ran successful, but shows no encryption. Is there anyway to identify that the data on the tapes is actually encrypted?
Thansk for all the help, so far so good
12-06-2011 05:56 PM
To test that your tape is encrypted.
1) set up a new encryption key.
2) use this new encryption key to do a B2D2T backup.
3) delete this new encryption key.
4) do a restore from the tape created in Step 2. It should prompt you for the new encryption key.
12-07-2011 09:27 AM
Excellent idea. I will try this tonight and then update the post tomorrow
Thanks much.
12-13-2011 02:14 PM
Finally got back to this, sorry, busy here.
Anyway, when I go to the test job where we did the encryption and compression on the B2D job and then to Network and Security and tried to Manage Keys and tried to delete the Encryption Key. Got an error message that states "An error occurred when attempting to delete Test_Encryption_Key". The encryption key is still there but is no longer associated with th backup up.
I also tried deleting the key from a test backup job and got the same error.
At this point, I am still able to restore from both the B2D and B2T jobs.
Any advice for this issue?
12-13-2011 02:29 PM
Have you looked at http://www.symantec.com/docs/TECH148653 ?
12-14-2011 06:13 AM
Had to go to Edit -> Manage Selection Lists and then View Selection List Details and excluded all resources from this list. Once I got that done, the selection lists never showed up when I tried to delete the Encryption Key. So I did this for all selection lists and I was then able to delete the encryption key.
Once the encrytion key was deleted I had to input the text encryption key in to restore from the B2D and B2T jobs. So we are good.
I will close this post and assign an answer as above.
Thanks for the help.