Unsolved
This post is more than 5 years old
2 Intern
•
214 Posts
0
5902
November 9th, 2015 07:00
Data Domain Encryption
Hi there,
I need to enable encryption on an existing pair of Data Domain DD2500 which are currently replicating via OST in BE2015. I have a few questions which I'm hoping someone can help with:
- Can encryption just be enabled on both sides independently or do you need to share the keys?
o Does enabling Backup Exec OST replication affect this?
- In the encryption whitepaper it makes reference to a security officer role that can enable/disable encryption but it doesn't appear in enterprise manager. Do anyone know if the admin role encompass this?
- How can you replicate/share the encryption Keys in case of corruption?
Many thanks,
Ed
0 events found
No Events found!
umichklewis
4 Apprentice
•
1.2K Posts
1
November 9th, 2015 08:00
I'm assuming you're referring to Data-at-Rest Encryption. If you're using local key management on each DD array, you're effectively using a unique key on each DD2500. They don't have to share the same key, since the filesystem encryption is local/unique to each DD array already.
The security officer role is distinct from the admin role. If you follow the section in the documentation in regards to enabling encryption, you'll see you need to create a new user with the right role. You'll also need to login with this role to enable things.
You can export the keys from the CLI with "filesys encryption keys export". Let us know if that helps!
Karl