05-21-2014 08:18 AM
Is there a log file stashed someplace that can be viewed to verify that data is indeed being encrypted? Looking for a way to determine this without going through and deleting/changing the keys and would think that something should show up in a log to present either status or progress??
05-21-2014 08:41 AM
05-21-2014 09:40 AM
Does that go for any of the logs that Backup exec generates aside from the job log?
05-21-2014 09:53 AM
05-21-2014 10:26 AM
The job log will show your encryption selections and the results.
Backup Options |
---|
Media operation - Append to media, overwrite if no appendable media is available. Compression Type: Hardware [if available, otherwise none] Encryption Type: Hardware |
Backup Set Summary |
---|
Backed up 2 files in 2 directories. Processed 2,147,484,508 bytes in 1 minute and 3 seconds. Throughput rate: 1950 MB/min Compression Type: Hardware Encryption Type: Hardware |
05-21-2014 12:36 PM
Is that enough to say that the data going onto that media from that particular job IS being encrypted?
05-21-2014 12:44 PM
The sgmon log mentioned above will have SPOUT (Security Protocol Output) commands listed. Tape drives supporting encryption use this SCSI command to encrypt the data before it is written to tape.
Here's a document from HP that explains what goes on behind the scenes:
http://h20195.www2.hp.com/V2/GetPDF.aspx%2F4AA1-4878ENW.pdf
I am sure there is one out there from IBM too.
05-21-2014 01:16 PM
I assume that depends upon your needs and level of trust.
Some folks verify every single tape is encrypted. Some folks verify that it encrypted one test tape once upon a time. Some folks totally trust the job log. Some folks verify it when they test their off-site restore capability.
FWIW, I haven't heard of anybody saying the job log was not reliable in this regard.
05-22-2014 12:28 AM
05-22-2014 01:45 AM
05-22-2014 04:47 AM
Correct. My reasoning for looking for something simple like a log file is to be able to determine if some of our sites are indeed encypting their backups as mandated. A simple file would make it much easier and less intrusive for me to get the information I need instead of removing keys and running extra jobs to prevent creating a visible audit trail along with suspisions and in return people trying to cover their tracks for something they are mandated to do but aren't.
05-22-2014 07:09 AM
No. There is nothing in the job log that will show that the data is being encrypted.
Not correct.