cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

client-side encryption over deduplication

Go to solution
jalite275
Level 4

‎11-02-2013 06:32 AM

We enabled client-side deduplication and encryption (not policy base encryption) by adding 'agent_crypt' to the ServerOptions of contentrouter.cfg file on the media server (NB appliance media server).

The backup job was completed successful, from job details, I can see it was using client-side dedup, but I can't confirm if client-side encyption is used as I can't find any keyword of 'encyption' nor 'encrpted' in the job details.

How to tell if client-side encyption over dedup has happend?

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Yasuhisa_Ishika
Level 6
Partner Accredited Certified

‎11-06-2013 03:35 PM

Compression in bpimagelist means this image is encrypted by client encryption - not means deduptication encryption.

To comfirm deduplication encryption works, run tedt backup, capture packets, and look into packets.

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
Yasuhisa_Ishika
Level 6
Partner Accredited Certified

‎11-02-2013 06:59 AM

I have no idea other than looking packets between client and storage server using sniffer like WireShark. contentrouter.cfg is configuration file of PureDisk, and is independent from NetBackup application. 

0 Kudos

Go to solution
sri_vani
Level 6
Partner

‎11-02-2013 01:17 PM

Please verify in bpbkar log and let us know the results

****

Capture the verbose logs of the bpbkar and the bpfilter process on the Client during backup
The log file should have entries specific to encryption

The bpbkar log will have these entries for each file that is backed up….

<4> PackerTAR::startObject(): INF - Data Encryption is turned ON.
<4> PackerTAR::writeEncryptionInfo(): INF - Encryption Type ID = (0)

0 Kudos

Go to solution
Marianne
Level 6
Partner    VIP    Accredited Certified

‎11-02-2013 01:36 PM

Use bpimagelist -L to check some backups.

One of the fields in the output is 'Encrypted':

...
Compressed:        no
Encrypted:         no
Kilobytes:         2652800
Number of Files:   4507
.....
 

Your output should obviously say 'yes'.


Handy NetBackup Links
0 Kudos

Go to solution
jalite275
Level 4

‎11-03-2013 03:53 AM

thanks for all the replies.

bpbkar log from the client machine doesn't contain keyword 'Encryption', I need to find the way to enable its verbose logging.

bpimagelist -L show Encrypted is no, does this output reflects to both policy base encryption and client-side encryption over deduplication for puredisk?

0 Kudos

Go to solution
Marianne
Level 6
Partner    VIP    Accredited Certified

‎11-03-2013 10:14 PM

That is my understanding, but we need to test to know for sure... Unfortunately I don't have access to MSDP at the moment.

Try to force encryption on one client with pd.conf entry (http://www.symantec.com/docs/HOWTO70637) and see what bpimagelist result is.


Handy NetBackup Links
0 Kudos

Go to solution
jalite275
Level 4

‎11-06-2013 06:07 AM

I tried setting Local_Setting, Compression and Encryption to "1" in the pd.conf of one of the Windows client, the backup job completed but bpimagelist output still shows both compression and encryption are No.

Has anyone tested this client-side deduplication encryption and prove it is really working?

0 Kudos

Go to solution
Yasuhisa_Ishika
Level 6
Partner Accredited Certified

‎11-06-2013 03:35 PM

Compression in bpimagelist means this image is encrypted by client encryption - not means deduptication encryption.

To comfirm deduplication encryption works, run tedt backup, capture packets, and look into packets.

0 Kudos