VOX

Hi Skip,

Thanks for your reply. so would like to confirm whether MSEO satisfies our requirement of encrypting 500 non-encrypted tapes through duplicating images from tape to tape manually as I feel , it would work effectively for any client based direct backup.

Alternatively , do we have any option to encrypt tapes , which were already written and have data inside ?

Regards,

Satish

If the data is already on tape, there is no way to encrypt. You could duplicate your existing tapes to an encrypted drive then expire the copy 1 (the originals).

MSEO would work to run a duplicate from one drive to another and encrypt the data. It would read in the non-encrypted data and then write it out encrypted to the second drive.
 

Hi Skip,

Many thanks for your suggestion. A final question :)

1) MSEO requires a seperate license ? (or) It can be manageable with normal encryption license in master server [ Because we already have encryption license added and can see the encrypt check box in policies ... Does it mean it is  CE [ Client Encryption ] ?

2) MSEO is compatible with LTO 3 tapes and TD 3 drives also ? or we need TD 4 and LTO 4 and latest versions ?

3) What happens when restoration from these encrypted tapes in future to same master server [ No action required ? ] and different master server [ we need to import data from tape and use the same keys ? ]

Regards,

Satish 

Hi Skip,

Also if we license MSEO , all the backup jobs will get encrypted (or) we can restrict it to some policies..

Also since we are duplicating from catalog [ But not from policy ] , how to use the MSEO encryption feature ?

Thanks.

Satish

Hi Satish ,

Yes. MSEO is license based and you need a license per media server basis.

You can do encryption or compression based on volume pool number . If you are encrypting /decrypting with same media server then no problem but if you are trying to import tapes at DR site then you need to import key from source media server to destination server.

Regards,

Paramesh.

Hi Paramesh,

Thanks for your suggestion.

so this MSEO option is comptabile with NDMP policy also right ? All we need is to set the Policy storage unit to "Volume pool" , which have encryption configured through MSEO [ Just like KMS ] and fire the backup ?  In NDMP case, any MSEO agent required in host end ?

Also Is this MSEO is a GUI based (or) it's CLI execution ? [ My master server is solaris ] . Can security keys easily managed through this GUI ? 

Regards,

Satish Kumar

Satish,

There is some configuration that is required. You will need to setup the security server and the MSEO agent on each media server that will use it. There is a MSEO GUI and command line to manage the keys and setup. There are different compression and encryption settings that you can configure and then policy configurations.  Here is a link to the MSEO 6.1.8 documentation. It includes an Admin guide and release notes guide.

http://www.symantec.com/docs/DOC6159

Certain LTO3 drives are supported as well as NDMP jobs. The SORT site (sort.symantec.com) has a link to the install checklist where you can check compatibility for your hardware.

Skip