Unsolved
This post is more than 5 years old
7 Posts
0
3509
Tape encryption key management and Networker?
I'm a small Networker on Unix (Sun Solaris) shop (50 backup clients, backup to 1TB disk, then stage to tape, 200+ LTO3 tape volumes, 15TB/mo., Sun SL500 tape library with 3 LTO3 drives) and I'm currently using Networker-based data encryption (aes directives).
I want to "graduate" from host-based encryption to encrypting tape drives.
I've been looking at LTO4 drives, but I don't want to spend a fortune for encryption key management appliances (which I will have to duplicate at the disaster recovery site). I'm looking for advice on how others in a similar situation were able to implement encryption key management.
While I can certainly understand the reluctance to discuss Networker product futures here, I'll just say that other backup products support integral encryption key management but EMC Networker currently doesn't.
I'm being strongarmed (by pressure from the mainframe clan at my business) to dump EMC Networker in favor of TSM/Tivoli. It's probably because I'm the smallest server group and I'm still in control of my own backups, which I think bothers them as they want to control everything. No doubt TSM is a good product, but I don't want to give up control of my backups and restores to another group for purely political reasons. I have nearly 7 years of working with Networker and while I'm not adverse to learning new products, I am adverse to "change for the sake of change" kind of mentality.
BTW, during our last disaster recovery drill, we (our Unix group) were doing restores just fine while others had to sit and wait while they ironed out their "issues" with TSM and their encryption key server before they could restore their servers. The mainframe people never did achieve their complete recovery within the 48 hour window and had to give up; meanwhile all of our Unix servers were restored and working just fine with many hours to spare. Anecdotal, yes... but the point is that maybe having all of your backup/restore eggs in a single basket is a false economy.
Thanks,
Lee
NetWorkerPM1
22 Posts
0
October 30th, 2009 12:00
We've carried along a key management requirement (for LTO-4, specifically) for several years. There have been several obstacles preventing us from initiating a project, including the feature value of key mgmt compared to virtualization features and de-duplication features. And from a quality perspective we keep placing higher priority on things that have broader imapct to the customer base: backup to disk enhancements, cloning enhancements, management console, for a few examples.
The LTO-4 key management issue hasn't reached a tipping point yet...not enough customer interest (even though I acknowledge yours) relative to other enhancements, the cost-revenue equation is far too imbalanced, and the continuing market trend to B2D/replication technologies leaves tape transport - the primary driver for tape encryption - in a downward trend.
I am still tracking the requirement for key management, but I'm unable to offer guidance on when we will see it in NetWorker.
lroth1
7 Posts
0
November 3rd, 2009 17:00
Thank you for the honest and forthright reply; it's not what I wanted to hear, but I'm glad to have the current status factually presented.
Lee Roth