I am just running the encryption directive on all my backups.
I wonder if there is a way to store the "key" on a different server so in the the event that my backup tape gets misplaced I am not giving the criminals both the data and the key at the same time
Are you saying it is metadata because it is encrypted?
If so, back to the original concern - Maybe a little more explaination would be helpful, so
If I backup my server using the encryption directive and somehow someone get a hold of my tape would they be able to restore all the data once they loaded Networker?
Assume that the phase phrase is the default setting.
Well, you said what if bad guys got your server, right? They would have backup server and what do they do with it? Without access to data on tape, vtl or disk appliance they can't do anything. Without proper DNS they would most likely had issues starting up backup application in the first place.
Your encryption directive protects your network traffic. Encryption on tape should be done with other software (most likely you use LTO so to protect data on tape you just need key management station - note that this is something happening outside NW world).
Got me confused now
You are saying that my data is NOT encrypted using the encryption directive?
I thought we had that hammered out a year ago when I had issues with encryption.
It was my understanding that I could use either Networker or a 3rd party software/hardware to encrypt my data.
With the options at hand and a budget to live with I opted for Networker
Imagine that you data is encrypted on tape. Now, in case you loose backup server how do you scan it? You need old password, right? OK, imagine you have one. Where is password option for scanner? There isn't one. Your data traffic is encrypted, but not data on tapes. That's my understanding. If you have two servers, give it a try:
- create text file
- do backup of text file to tape
- move tape to second server
- scan it
- restore text file and see if you can read it in plain text
Of course I could be wrong, but I believe I remember it has been mentioned on this forum that encryption used by NW is solely used for traffic from client to storage node. Wonder how that works with DD Boost. I can only assume that if this is valid for ssid on tape that scanner would check against phrase set on server properties, but scanner was always acting outside server so there is enough place for doubt. If I were you, I would test it first.
Hi, there. I'm pretty concern about this topic, but still have some different questions to ask.
a. Where is the metadata stored?
b. Is it stored encrypted?
And the last, sorry if it sounds foolish:
c. Can I apply an Encryption Directive if my networker server don't have a Restricted Zone difined? Where do I see if its applied to a client, for example?