> No one addressed BRMS, so I will. BRMS will encrypt tapes as it writes them. It's incredibly easy to set up
> and knowing how it's set up makes it transportable to DR sites etc.
You are right that BRMS encryption is an option. We did not go that way (because of the possible impact on the length of our backup windows). Since we use hardware encryption, there is nothing to do at BRMS level. BRMS is not even aware that there is encryption going on.
Good to know, but to be honest, setting up hardware encryption is also very, very easy. Just associate the tape drive with the IP address of the SKLM server. Takes less than a minute per tape drive.
> It requires the Advanced portion of BRMS (While you're at it add the Network piece too) which is dirt
> cheap and won't affect maintenance much at all (a couple of dollars a year) Adding all three pieces gives
> you the ability to use the Enterprise portion of BRMS which is nice to keep all the parts moving together.
> Upsides: Easy to set up maintain
> Easy to move tapes between partitions say production and development
Same thing here. We do have another TS3500 at our second data center where our development and DR system are located. This TS3500 is configured to access the SKLM server also so everything is transparent.
I do not know by how much this would affect the backup time, but this is one of the reasons we went with hardware replication.
> Downsides: Uses CPU on the partition to do the encryption. This can cause backups to run longer.
Does that mean that all BRMS encrypted backups use the same encryption keys? If so, where does that key come from? If it comes from BRMS itself, what do you do if it becomes corrupted? You cannot restore it from backup since they are encrypted. Or am I misunderstanding?
> BRMS also encrypts all the tapes the same, whereas when the tape library does it, each tape is encrypted
> differently. That only matters if your level of paranoia is quite high. (High paranoia is a good thing when it
> comes to computer security)
True, for a software or hardware solution, there are extra features that need to be purchased.
> Also, for the tape library to do encryption it must have the correct feature codes on it, so just getting SKLM
> going does not provide for encryption. We always order tape libraries with the encryption feature code, so
> our customers never even question it, but most of the devices I've seen out there do not have it.
True but fairly easy to do. SKLM supports a slave server. So we just configure a slave server at our DR site and voila.
> Another problem with device level encryption, you MUST KNOW how to set up the DR site with the same
> equipment and encryption capabilities. YOU MUST have the keys etc. available. If not all you have is
> worthless very expensive mylar tape you can let the kids play with.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].