cancel
Showing results for 
Search instead for 
Did you mean: 

Encryption Based On Schedule

Kev_Lamb
Level 6

I may be blowing smoke here but was wondering if there is an option to have encryption enabled based on a schedule?

My issue is that we are using OST to an HP B6200 server using deduplication and duplication to a second B6200 using NBU SLP's obviously I cannot use encryption on these policies as this would potentially wreck the deduplication, now this is Ok for our auditors on a Daily / Weekly basis as the data is copied on a private link so encryption is not required; however, we do have some policies that require longer term retention and are shipped off on tape, these are covered by an SLP that does a three part backup, 1 to the host B6200, 1 to the offsite B6200 and then 1 to physical tape, this is the one I want encrypted as it is held off our premises.

I cannot see an option to have the encryption based on the schedule, only on client and policy, woudl this potentially require me to create duplicate policies for the ones that require encryption on a monthly basis or is there a simpler option??

 

Kev

Attitude is a small thing that makes a BIG difference
1 ACCEPTED SOLUTION

Accepted Solutions

Nicolai
Moderator
Moderator
Partner    VIP   

You can use KMS (tape drive encryption) and different volumes groups. KMS encryption work on a volume group level and each volume group must be prefixed with ENCR_

A schedule must point to a volume group. By pointing to either ENCR_ volumne group or non ENCR_ volume group you can control if data is encrypted or not on tape.

It worth mentioning that tape drive encryption is almost invisiable for the rest of Netbackup.

It does not require any client or policy configuration like "client encryption" and "media server encryption".

KMS install & config:

http://www.symantec.com/docs/TECH67972

Hope this make sense.

Nicolai

View solution in original post

4 REPLIES 4

Nicolai
Moderator
Moderator
Partner    VIP   

You can use KMS (tape drive encryption) and different volumes groups. KMS encryption work on a volume group level and each volume group must be prefixed with ENCR_

A schedule must point to a volume group. By pointing to either ENCR_ volumne group or non ENCR_ volume group you can control if data is encrypted or not on tape.

It worth mentioning that tape drive encryption is almost invisiable for the rest of Netbackup.

It does not require any client or policy configuration like "client encryption" and "media server encryption".

KMS install & config:

http://www.symantec.com/docs/TECH67972

Hope this make sense.

Nicolai

Kev_Lamb
Level 6

Many thanks Niolai, I will give this a go, certainly cheaper than buying the encryption option for the MSL

 

Kev

Attitude is a small thing that makes a BIG difference

Kev_Lamb
Level 6

Just tested it and it works like a charm, many thanks for the heads up with this.

 

Kev

Attitude is a small thing that makes a BIG difference

Nicolai
Moderator
Moderator
Partner    VIP   

Good to hear - Glad I could help