Data Protector Practitioners Forum
Showing results for 
Search instead for 
Do you mean 

Encrypting communication between the servers and cell manager & Encrypting data on tapes

SOLVED
Go to Solution
Highlighted
Trusted Contributor

Encrypting communication between the servers and cell manager & Encrypting data on tapes

Hello Expert,

 

I am using Dp6.21 with cell manager on windows 2003. Almost all clients are also windows only, except 3 Solaris clients.

Now we got a request from our management due to auditing request that " We need to encrypt communication between server & Cell manger and Encrypting data on tapes".

 

For that we have purchased the license also which is "BB618BAE". 10nos

Can anyone please help me out how to install these licenses with any documents availaible and is this license are ok for our both objectives?

 

Thanks for any support in advance.

 

Regards

9 REPLIES
HPE Expert

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

You can install the license either from the GUI

   - Go to the Client context, expand your list of clients, click on the hostname of your Cell Manager to high-light

       Right-click on the hostname of the Cell Manager, click on Edit (top left corner of the screen), click Add,

       Pick License, and type in the license string

or, my preference

   - On your Cell Manger, edit the file using Notepad

           Program Files -> Omniback -> Config -> Server -> Cell -> lic.dat

     and either type in the license string, or Copy and Paste it from your e-mail.  Since I am the world's worst typist, I prefer to

     Copy / Paste

 

Save the file, stop and restart Data Protector.  Check your license installation by running this fro the MS-DOS prompt on the Cell Manger

           cd \Program Files\Omniback\bin

           omnicc -password_info

 

Enabling Encrypted Communications is done by right-clicking on the Cell Manager, and on each client, and clicking Enable Encrypted Communications

 

For more information, in your GUI, click Help -> List Topics, and search 'Encrypted', there is a lot there.  Also, on the SSO site, which you used to make this inquiry, click on Manuals, click HP Data Protector, chose version 6.20.  There is a whitepaper there that deals with Encrypted Communications Certificates that you should probably have

 

Finally, there have been a lot of problems reported with Encrypted Communications.  Please be sure that your patches are up to date

Trusted Contributor [Founder]

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

"Finally, there have been a lot of problems reported with Encrypted Communications.  Please be sure that your patches are up to date."

 

BOY, is THAT an understatement.

 

Also, make sure you understand the difference between ECC and encrypting the tapes - they are NOT the same thing.

 

Bob, for you, did one of the patches allow starting encryption on a "clean" (for lack of a better word) cell manager via the GUI?  When I went through 6.2(1) and enabled ECC, I had to run a command line on the CM and then was able to add ECC for the rest of the clients in the cell.

 

Ken

Trusted Contributor

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

Hello Bob & Ken,

 

Thanks for your feedback and suggstion on encrypting the data. I will go for the encrypted backup with the latest patches.

 

Ken, Also, make sure you understand the difference between ECC and encrypting the tapes - they are NOT the same thing.

 

As I am having LTO-3 Tape drive and I believe drive basd encryption is not supported on this, Hence If am using only the encrypted communication license "BB618BAE" is the data on tape is not encrypted?

 

Regards,

HPE Expert

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

Ken, while the 2 most current sets of patches fixed ECC problems (specifically, the Core patch), none addressed the particular issue that you are talking about

 

Syed,  HW encryption was not made available until LTO-4

Trusted Contributor

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

Hi Bob,

Then how my backup data on tape will get encrypted as I have LTO3 only. Will software encryption not encrypt my backup on tape?
Frequent Advisor

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

Hi

 

Yes it will be encrypted on tapes with software encryption.

 

Software encryption encrypts at the Disk Agent level, so right at the begining. Data stays encrypted on the wire and then on tape. This correspond to the licenses you bough. So it protects your data during transport and on storage.

 

Hardware encryption encrypts data when it arrives in the drive. It protects your data only on storage, not during transport. This is not subject to license in DP.

 

You might also consider Encrypting Commands and Control. This is the commands from Cell Manager to clients and backwards. This protects the command traffic, not data. This is not subject to license in DP.

 

Regards

JM

 

 

Regards
JM
Trusted Contributor

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

Thanks alot Michel for the reply. ..
Occasional Visitor

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

Hi All,

 

I have a similar issue.

We have enabled ECC in HP Data Protector lately in our environment for encrypted communication and post the same backup is running fine and no issues in client and CM.

But we are not able to connect the HP DP Server from clients via HP DP Console from client(Windows 7,8). and get below error wile connecting. We monitor the backups and perform other related tasks remotely from this console.

Connection to CRS failed.
To start the Data Protector daemons on the Cell Manager host use the command
omnisv -start on the Cell Manager
or check if the communication between the Cell Manager and client is encrypted with the command
omnicc -encryption -status -all on the Cell Manager.

Please suggest for the same.

Trusted Contributor

Re: Encrypting communication between the servers and cell manager & Encrypting data on tapes

I believe that software encryption will effectively disable compression on the tape drive.

You might want to consider using software compression instead.

Regards

Jeremy