Highlighted
8 Krypton

Encryption password per client, not per datazone

Hi all,

In our shared environment we have several customers who would like to encrypt their backup data.

I've found that it's possible to configure a datazone password, but this way all our customers will use the same password, since they are all in the same networker data zone.

Is it also possible to set a client password, instead of a datazone password?

This way we would be able to set a password to all the clients of one customer, and another password to all the clients of another customer, ...

Even better would be if the system administrator of a client can set a password.

Another small question about encryption:

Where is the data being encrypted? Is it on the client, so that the encrypted data is sent over the network?

Or is it being encrypted on the storage node, so that plain data is sent over de network, and being encrypted before it is put on a networker media?

Kind regards

Tags (2)
0 Kudos
1 Reply
8 Krypton

Re: Encryption password per client, not per datazone

Hi Tim,

Is it also possible to set a client password, instead of a datazone password?

No.  If you have security permissions per host set correctly that should not be an issue - at least if you have only file system backups.  With databases I'm aware that certain permissions are required for specific users and same user (eg oradba) may exist on multiple hosts thus breaking the concept... 

Where is the data being encrypted? Is it on the client, so that the encrypted data is sent over the network?

Or is it being encrypted on the storage node, so that plain data is sent over de network, and being encrypted before it is put on a networker media?

I didn't play with aesasm, but I believe it works pretty much as all other similar asm features - it is executed on client machine.  Be careful with that as this will add on CPU activity to client host.

If you are really after encryption as requirement, you should really look into dedicated encryption module (network or storage wise).  What is obvious from trends and roadmaps, storage vendors are starting adding encyption modules to storage arrays and I assume this will be sort of normal thing within next 5 years (along with backup/snapshot integration), but I can understand there are many out there not in position to wait that long.

0 Kudos