09-18-2012 11:36 AM
I encrypt our tapes using the Best Practices guide for this product.
Our IT Auditors want to test this by restoring from thes tapes back to disk.
I have done a restore and all went as planned. However, IT Auditors are concearned this process of restore never asked me for the Encryption password.
How do I respond to this? How can I get a good test to document?
Jim
Solved! Go to Solution.
09-18-2012 01:27 PM
Hi Jim,
Couldn't really find anything around this, but here are a couple of TNs to read through...see if they point you in the right direction:
http://www.symantec.com/business/support/index?page=content&id=HOWTO11721
http://www.symantec.com/business/support/index?page=content&id=HOWTO11722
http://www.symantec.com/business/support/index?page=content&id=HOWTO11718
...and encryption is selected for the job, correct?
Thanks!
09-18-2012 01:27 PM
Hi Jim,
Couldn't really find anything around this, but here are a couple of TNs to read through...see if they point you in the right direction:
http://www.symantec.com/business/support/index?page=content&id=HOWTO11721
http://www.symantec.com/business/support/index?page=content&id=HOWTO11722
http://www.symantec.com/business/support/index?page=content&id=HOWTO11718
...and encryption is selected for the job, correct?
Thanks!
09-19-2012 01:07 AM
IT Auditors are concearned this process of restore never asked me for the Encryption password.
This is by design. If the pass phrase is present in the media server, then you would not be prompted for pass phrase. This is even true when the pass phrase is restricted and the id who is doing the restore is the owner of the pass phrase.
If you want to be prompted for the pass phrase, then either delete the encryption key which is used to encrypt the tape, or use a restricted pass phrase and a user who is not the owner of the restricted pass phrase. The latter option works like this
1) use UserA to create a restricted encryption key.
2) do a backup using this restricted encryption key
3) use UserB to do the restore.
09-19-2012 12:50 PM
Your other option is to install Backup Exec on a test server with the same tape technology attached and then try and do a Inventory, Catalog and Restore without entering the passphrase (You could even temporarily move your existing drive to the test server to prove this and then move it back.)