cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup 8.2 need to delete data off of a tape - Is expireing images same as deleting data

bc1410
Level 5

So have a customer that we backup data to tape with the retention set to infinty (2038).   Client came back after the fact that this data was put to tape and then deleted off of the share to say that they need some directories removed from a particular backup that was written to one primary LT06 tape and then we have a secondary tape LT06 as well.   Basically our backups for this client writes the backups twice  to 2 seperate tapes per client request.  

Please correct me if Im wrong -   IS EXPIREING NETBACKUP IMAGES same as DELETING the DATA right??  another words no way that data can be restored etc after Expireing an image...

If thats the case My plan of action remove(EXPIRE/DELETE)  the data from tape is to do the following: 

1) Restore the backup data group that needs to be modified from primary tape.   I have the exact times of this particular group of data was backed up.  (backup started and ended) for the data that need directories removed.  Its sensitive data therefore they do not want any of it on tape.

2) via Admin console under catalog perform a VERIFY on the particular date range for the tapes in question and log it.

3)Once the VERIFY log is completed view it to make sure I have the correct data set.

4)Then under the catalog section of the Admin console this TIME do a EXPIRE on the image(s) 

5) The once the orignal data that was restored is modified to delete the sensative data then run another backup

 

steps 2,3,and 4 will need to be completed on the secondary backup tape as well.

 

Please advise

BC

 

 

 

 

 

5 REPLIES 5

bc1410
Level 5

Or would we need to restore all the data from primary tape to the network and then destroy the primary tape and secondary tapes.   I need to know if expireing the Netbackup image allows for a posible restore of that expired image some how?

I guess safe bet is to restore all data from tapes in question.   Modify the one data set containing sensitve data and then backup everything again to 2 new tapes.   Then of course destory - iron mountain style the orignal primary and secondary copy tapes.

 

BC

 

mph999
Level 6
Employee Accredited

Please correct me if Im wrong -   IS EXPIREING NETBACKUP IMAGES same as DELETING the DATA right?? 

No ...

Expiring an image on disk, would cause it to be immediately deleted from the disk.

Expiring an image on the tape only removes it from NetBackup, it still exists on the tape until the tape is overwritten, meaning it could be imported again, to rebuild the catalog entries in NetBackup.

It is also impossible to expire and delete a single image from tape, it will only be unrecoverable once all the images are expired and the tape overwritten.

Short of re-writing over the entire tapes multiple times, the only sure way of of destroying the data is to either smash the tape up or de-gauss it if you have a suitable machine to do so.

Thanks mph!

 

So I need to basically do what i mentioned with regard to :

I guess safe bet is to restore all data from tapes in question.   Modify the one data set containing sensitve data and then backup everything again to 2 new tapes.   Then of course destory - iron mountain style the orignal primary and secondary copy tapes.

mph999
Level 6
Employee Accredited

That would be safe, yes.

jhromeror
Level 3

Using bpimagelist you need to create a list of backup ID´s. You can filter by clients that you suspect had confidential data in them. Once you have a list, you can use something bpflist -rl 999 -backupid CLIENT_111111111 to extract the FILE information contained in each backup ID so you can search for names of files and folders and validate which images have confidential data. All this can be done without having to access the tapes. 

Once you have a clear inventory of backups and tapes that contain the sensitive data, you can proceed to RESTORE the non-confidential data, do a new backup that does not contain this data, do a bpflist of the new backup and crosscheck to make sure no data made it to the new backup image. Once that is done you can expire the previous image, once all images on a tape are expired from the catalog the tape it will be de-assigned. At this point you can do a bplabel to make sure the tape can be imported or destroy the cartridge.