Showing results for 
Search instead for 
Did you mean: 

netbackup data security

Level 4

this might be a simple question, then again......

we have been asked to provide information detailing how safe a clients data is on the same tape as another clients tape.  Our environment is such where we only ever use the one volume pool, but no tape ever leaves the tape silo, so in our mind there is no reason to have different pools for different clients.

Does anyone know of any information that details how safe your data is on tape, how netbackup ensures that the data is not accessible to other clients.
a real bonus would be a regulatory accreditation, but this might be a stretch.

We know we could use encryption for this clients data, but we want to prove that our method of storing data is safe as well.


Partner    VIP   
I don't think different volume pool improves security. But having many volume pool is absolutely a performance killer as tapes and drives can't be shared.

One way of proving reliability is by performing periodical restore test (and document it). It's something required if you are into the GXP regulation.

Have you considered LTO4 built in encryption ?.

Level 6
one good reason to have seperate pools for different clients is this hypothetical: one day client A wants all of his media for legal battle, then next day client B needs a critical restore.  if you had both clients on same media, you are now toast. 

if you can be sure that would never happen then you may be ok.  except old man "murphy" is always on the look out for opportunity.

Level 6
If you are a netbackup admin, and can access the console and all the servers are backed up to your netbackup media servers.
then you can restore files to any server.
does not matter if it is on the same tape or a different tape.

Do you know of anything in your environment that would prevent you from restoring files from customerA's server on to customersB's server?

Level 4
the question is more about whether or not there are any protocols that protect data that is shared on one tape.  we know that admins are pretty much all powerful, and can restore data anywhere, but we limit the number of admins and accept that as a risk.

we wondered more if there is any chance of data from a shared tape being accessed accidently by a client who is restoring their data from the same shared tape.  We know the chances are remote, but is there any documentation to say why these chances are remote

cheers for your replies so far

Level 6
Partner    VIP    Accredited Certified
One client cannot access another client's backup - not on same tape and not on different tape. Clients have no access to tapes - just to catalog information on the master server. Only the master server knows which backup images are on which tapes.
Client's can by default browse and restore their own data - you can even restrict that.

Managing client restores
is covered in NBU Admin Guide I.

How NetBackup enforces restore restrictions
By default, NetBackup permits only the client that backs up files to restore those files. NetBackup ensures that the client name of the requesting client matches the peer name that was used to connect to the NetBackup server.

The following topics explain how to allow clients to perform redirected restores. Ensure files mentioned in these sections do not exist on the master server:

To allow all clients to perform redirected restores

To allow a single client to perform redirected restores

Level 4
A lot of the security of is based on DNS in NetBackup. If you have rights to change DNS entries can you restore any filesystem backup to any client.

Different volume pools doesn't provide any extra security as said above, but in my opionon is it a good idea to have different pools for each customer.

Level 3

sorry, I misread the original post - please remove my post.

Level 6
Data on your tape is as much safe as security of physical access to your tape library :)
Nb backups can be imported from tape in different environment unless you enable encryption.