Do not know: Best Operation Guide for tape backup Encryption

Source: Internet
Author: User

Media encryption technology (including tape drive encryption)

Host-Based Encryption technology is the most effective, but its encryption requires a separate system or a group of separated systems. The host-based encryption method cannot encrypt all the data to be output on the host. There are many host-based encryption methods on the market, which can be encrypted through application technologies (such as database column encryption software), host proxy, dedicated storage, or network adapter with encryption functions. Each product provided by the supplier has an important adapter. The storage supplier provides multi-channel, other agents provide in-band interaction, and the storage supplier provides virtualization.

In-band device encryption uses a very similar method. Data transmitted through wires is encrypted and then transmitted to storage connections, so that many different applications and hosts can be shared. Data transmitted between the host and the device is usually not encrypted. This device encrypts multiple hosts and multiple types of storage, including primary storage, archive layer, and even tape.

These devices are typically only applicable to some encrypted storage layers. Vendors that use in-band encryption devices include brocade switches, Cisco Systems's MDS storage media encryption and NetApp's DataFort.

Media encryption technology uses multiple technologies to encrypt data in specific media formats. These technologies may integrate storage arrays to encrypt each drive in the array. More typical is tape encryption, a media backup server, tape library, virtual tape library (VTL), or a separate tape drive (LTO-4 or LTO-5 drive ), data is encrypted when they are written to a disk or tape. For example, the IBM DS8000 series array makes full use of encrypted drives to provide drive-level encryption methods. Quantum also has a scalar series of ATL libraries built into the LTO-5 driver, which can be encrypted like libraries provided by other vendors.

Best practices for tape backup encryption technology

Each complex tape backup method is provided with many corresponding instructions. The best practices for tape backup encryption are as follows:

1. Ensure that all tapes are encrypted. Companies should find a solution to ensure that all tapes are encrypted, rather than allowing access to tapes from multiple other paths (such as multiple archiving and backup systems) or cause unnecessary complexity to management.

2. Encryption close to the destination. Perfect products will encrypt the data at the infrastructure layer to have data optimization and management capabilities to give full play to their role. According to the rules, all tapes should be encrypted, but if encryption starts from the data source, data flexibility and efficiency will be greatly reduced. For example, if duplicate data on the disk is deleted or compressed, or data links across the WAN are lost, data scanning such as backup files will become very difficult. In addition to all disk encryption, you can also consider encryption solutions close to the host.

3. Media-based encrypted tape media encryption aims to reduce risks and minimize the probability of emergency response. Expired media or damaged media must be promptly and correctly processed. This means that each tape requires a key in the worst case for a set of backup tapes or datasets. In this way, both the key and the media are the best protected. Losing a key will lead to the loss of a tape at most. The best way to reduce management is to stick to regular disposal of expired keys to prevent tape from being invalid.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.