Encryption Plugin

386 views
324 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
386
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Encryption Plugin

  1. 1. Title Page APM /plugin   user' s   guide for the Encryption Plugin NVE 7009-22B 03/04-04
  2. 2. Copyrights Software Copyright © 2004 BakBone Software APM/Plugin User’s Guide for the Encryption Plugin Copyright © 2004 BakBone Software Printed and online versions. This software product is copyrighted and all rights are reserved. The distribution and sale of this product are intended for the use of the original purchaser only per the terms of the License Agreement. All other product trademarks are the property of their respective owners. The APM/Plugin User’s Guide for the Encryption Plugin documentation is copyrighted and all rights are reserved. This document may not, in whole or part, be copied, photocopied, reproduced, translated, reduced or transferred to any electronic medium or machine-readable form without prior consent in writing from BakBone Software. THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED INTO NEW EDITIONS OF THE PUBLICATION. BAKBONE SOFTWARE MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS PUBLICATION AT ANY TIME. BakBone Software 10145 Pacific Heights Boulevard, Suite 500 San Diego, California 92121 858.450.9009
  3. 3. A P M /p l u g i n   u s e r ' s   g u i d e Encryption Plugin EN.0.0 - The Encryption Plugin - An Overview .................................................... 3 • EN.0.1 - Encryption Algorithms ............................................................................................ 3 EN.1.0 - Target Audience ............................................................................................... 3 EN.2.0 - Installation of the Encryption Plugin ..................................................... 4 • EN.2.1 - Installation Procedure ............................................................................................. 4 • EN.2.2 - Removing the Encryption Plugin ............................................................................. 5 EN.3.0 - Using the Encryption Plugin....................................................................... 6 • EN.3.1 - Backing Up and Restoring Encrypted Data .............................................................. 6
  4. 4. 2 Encryption Plugin
  5. 5. NetVault APM/Plugin User’s Guide 3 EN.0.0 The Encryption Plugin - An Overview NetVault's Encryption Plugin allows data to be encrypted for a backup. This plugin encrypts data at its source (e.g., on a NetVault client that is being backed up). Therefore, the following steps will take place during an encryption: 1. The NetVault server will initiate a backup. 2. Data is then encrypted at its source (i.e., on the client). 3. Encrypted data is then transferred across the network to a storage device (e.g., tape in a drive). EN.1.0 Encryption Algorithms When data is encrypted, a pre-set algorithm is used. The Encryption Plugin allows for the implementation of different algorithms for this purpose, but the following algorithm is used by default: CAST-128 - a 128-bit ECB encryption mode, used in ECB mode. EN.2.0 Target Audience This plugin offers no control of backup or restore operations. It is only used for enabling and configuring encryption for a backup. As encrypting a backup can affect overall performance, it is recommended that this plugin be used only by administrator-level users.
  6. 6. 4 Encryption Plugin EN.3.0 Installation of the Encryption Plugin Important Notes: 1. Once installed, the Encryption Plugin cannot be removed from the target machine. 2. The Encryption Plugin does not function with the following NetVault APMs: Oracle RMAN Informix Due to the nature of the Encryption Plugin, it conflicts with data transfer of backup and restore operations performed with these APMs. If the Encryption Plugin is used with Informix or Oracle RMAN backups, the data will be encrypted as expected but the restore process does not decrypt the data stream, hence the restore will fail. If either of these APMs are currently in use, or will be in the future, do not install this plugin. If the Encryption Plugin has already been installed, as a minimum it must be disabled (turned off) on the system that utilizes either of the aforementioned APM's in order to perform backups or restores. However, it is recommended for any systems that utilize these APM's that the NetVault software be removed and re-installed on these systems (NetVault Server or Client that hosts the referenced database(s)). Prior to doing so, please ensure that the Encryption Plugin is not required to restore any previously encrypted backups. Once the Encryption Plugin is removed, any backup jobs previously performed will not be able to be restored without the plugin. EN.3.1 Installation Procedure Figure EN-1: 1. Open the The Client Management NetVault Client window of the Management NetVault GUI window by clicking the Client Management button on the NetVault GUI (or select Client Management from the Administration pull-down menu). 2. Right-click on the desired NetVault machine in the Clients list. 3. Choose Install Software from the pop-up menu (as shown in the figure on the previous page). 4. Navigate to the location of the “.npk” installation file (e.g., the NetVault APM Installation CD or the directory where the file was downloaded). Select the file (e.g. cspxxxx.npk), click on Open, and the installation process will begin.
  7. 7. NetVault APM/Plugin User’s Guide 5 5. When the installation has completed, a successful installation message will appear in the Install Software dialog box, as shown below. Figure EN-2: 6. Based on the operating system in The confirmation use (UNIX-based vs. Windows- dialog box that based), the message contained in appears after a successful the dialog box returned after installation on successful installation will vary. a Windows- based UNIX-based - The message machine will describe the need to stop and restart NetVault Services. (This is performed via the NetVault Configurator. Details on this process can be found in the NetVault Configurator Guide.) Windows-based - The message will describe the need to reboot the machine (in which case NetVault services will be stopped and restarted again and necessary “.dll” files will be run).. Note: This final step must be performed or the plugin will not function properly. EN.3.2 Removing the Encryption Plugin Figure EN-3: As previously noted, once The dialog box that will appear installed, the Encryption Plugin when an cannot be removed. If an attempt attempt is made to is made to remove the plugin (i.e., remove the via the Client Management Encryption window), a dialog box will launch Plugin stating that the plugin cannot be removed. Note: Even though the Encryption Plugin cannot be removed after it is installed, it can be enabled and disabled. Please see the following section, Using the Encryption Plugin, for details on enabling and disabling the plugin.
  8. 8. 6 Encryption Plugin EN.4.0 Using the Encryption Plugin Unlike other NetVault plugins and APMs, once the Encryption Plugin is installed, it is not accessed via the Backup/Restore windows. To utilize this plugin, an administrator must launch the NetVault Configurator and perform the following: 1. From the NetVault Configurator, select the Encryption tab. 2. With the tab active the following options are available: Use Secure Encryption on the Client checkbox - Select this option to enable encryption on the client. Figure EN-4: The Encryption tab as revealed in the NetVault Configurator Encryption Key String field - This field allows an administrator to input a password-like value that will serve as an Encryption Key for the machine. As previously noted, an encryption is performed at its source (e.g., on the client being backed up). Therefore, this value, which is exclusive to this machine, is used for its encryption. Encryption Algorithm (Blank = Host Default) field - Use this field to input a different encryption algorithm to be used, as desired. If left blank, the default (CAST-128) will be used. Key Parser (Blank = Host Default) field - Use this field to input a different key parser to be used, as desired. If left blank, the default key parser (MD-5) will be used. 3. With all values properly set, click on OK to authorize the settings and close the Configurator. Encryption is now enabled for the selected machine. .
  9. 9. NetVault APM/Plugin User’s Guide 7 Important Notes: 1. Once encryption is enabled, all backed up data from this client will be encrypted. This is the case regardless of APM or Plugin used (except in the case of an offline backup using NetVault’s VaultDR Plugin. This plugin, used in a disaster recovery environment, takes a target client completely offline for the purpose of backing up the entire system. Therefore, NetVault Configurator settings made for this client are ignored). 2. For users of the VaultDR Online Plugin (NetVault’s live backup disaster recovery utility), it is necessary to disable Encryption prior to performing any backups with the VaultDR Online Plugin. Although the plugin will successfully back up data with Encryption enabled, the target machine will not recognize the data in its encrypted state when performing a disaster recovery using these backups, and the recovery will fail. 3. Ensure that any value(s) input in the Encryption Key String field are maintained or logged. If an existing value is removed/changed and is lost/forgotten, all data previously backed up using the Encryption Key String will be lost and unrecoverable. 4. Unless well-versed in the use of encryption algorithms and key parsers, it is recommended that these fields be left blank and the defaults used. EN.4.1 Backing Up and Restoring Encrypted Data The Encryption Plugin offers no exclusive backup/restore controls and once set up on a specific client, all backups and restores are performed as normal on their respective APM or Plugin. However, when backing up or restoring encrypted data, a few points should be taken into consideration: When a backup is performed, the backup index will not be encrypted. Overall system performance will be affected during the backup and restore of encrypted data, as the encryption/decryption process is CPU intensive. An encrypted backup can be restored to either its original location or to a new target machine. In either event, the Encryption Plugin must be installed on the target machine and it must be configured as it was when the backup occurred (i.e., in regards to Encryption Key String, Algorithm and Key Parser fields), or the restore will fail.

×