cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Netbackup encryption over deduplication

jalite275
Level 4

‎09-10-2013 04:15 AM

Some question for data encryption over client-side deduplication:

1. how the encryption key is created, and where is created?

2. where is the key kept (on the client, media server or master server) and how is the key being managed when encrypted backup gets duplicated to another media server

3. where does the decryption occur when restoring data, specially restoring to a different client host which is not the host that was backed up?

Thank you 

5 REPLIES 5

Mark_Solutions
Level 6
Partner Accredited Certified

‎09-11-2013 08:24 AM

Please see the NetBackup De-Duplication Guide - there is a section about de-duplication encryption that explains everything : http://www.symantec.com/docs/DOC5187

It is different to the normal client encryption (which if used would prevent any effective de-dupe taking place)

It starts on P34 and has links to all other information that is related which should cover everything for you

Hope this helps

 

0 Kudos

jalite275
Level 4

‎09-11-2013 08:50 AM

Thanks Mark. I've read read through the dedup guide, it did contain some information about dedup encryption, however it doesn't explain how encryption key is being managed, more importantly I can't find useful information about how decryption work when restoring backup, and where decryption is taken place. I am more interested on when restoring backup to and second client host, the encrypted data gets decrypted on the media server or the target client host.

 

0 Kudos

Mark_Solutions
Level 6
Partner Accredited Certified

‎09-11-2013 09:20 AM

I think that may well be an engineering question - i got the impression that it is all inbuilt into MSDP and so where ever you were it would undertsand what was needed and deal with it

As the encryption does not follow to tape it is only valid whilst inside the de-dupe system so does not need anything more

It probably uses the de-dupe password that the system is assigned when de-dupe is configured and encrypts that with the blofish algorithm

0 Kudos

jalite275
Level 4

‎09-14-2013 04:58 PM

Do we know where the decryption occur during restore? does the media server (storage server) decryptes the data before restoring to the client, or the client does the decryption?

0 Kudos

Mark_Solutions
Level 6
Partner Accredited Certified

‎09-16-2013 01:39 AM

I believe decryption ocurrs at the media server during a restore (as i recall from my earler reading up on this)

0 Kudos