Solved: NDMP and Encryption

FCITDEPTAMATTHEYCOM · ‎2011-08-11

Hi,

We have a FAS2040 connected via fiber to an HP LTO 5 Auto loader. Backups to tape via NDMP and backupexec on a VM work fine.

My question is about encrypting the data before the data goes on tape. I know we can buy an encryption kit for our tape drive which is a USB stick but it costs silly money. Is there another way but still using NDMP? I see backupexec do software encryption but since the actual data isnt passing through the backupexec server im sceptical that it would work. Does the fas2040 have a way of encrypting before it outputs it to the tape?

Many thanks

aborzenkov · ‎2011-08-15

It is true that NDMP rules out host based (software) encryption. But BE supports hardware based encryption; HP LTO5 does offer encryption support and should be supported by BE. It also is expected to work with NDMP - in this case SCSI pass through is used to upload keys into tape drive.

So it is quite possible that everything that is needed to use encryption is already in place. Of course, it means that keys are managed by BE and only BE will be able to restore data. I do not know whether (hardware based) encryption is separately licensed feature of BE.

View solution in original post

shaunjurr · ‎2011-08-15

The answer would be "no".

Be prepared to open your wallet. NetApp also sells encryption hardware that you can use a number of different ways, also for SAN setups.

aborzenkov · ‎2011-08-15

It is true that NDMP rules out host based (software) encryption. But BE supports hardware based encryption; HP LTO5 does offer encryption support and should be supported by BE. It also is expected to work with NDMP - in this case SCSI pass through is used to upload keys into tape drive.

So it is quite possible that everything that is needed to use encryption is already in place. Of course, it means that keys are managed by BE and only BE will be able to restore data. I do not know whether (hardware based) encryption is separately licensed feature of BE.