Operating System - HP-UX

Encrypting Ignite backups

 
adam donald
Occasional Advisor

Encrypting Ignite backups

Hello

I would like to start "encrypting" Ignite backups. I am thinking that the best way to do this is to:
- 'dd' the Ignite tape once Ignite is finished with the backup to a file on disk (we do not use an Ignite server)
- encrypt the disk file

To use encrypted Ignite backup:
- decrypt Ignite file
- 'dd' the decrypted Ignite file back to tape

As I am not sure about the inner workings of Ignite nor 'dd', I am not sure if this would be feasible. Would the above methods work, or would anyone care to suggest a better alternative? Thanks for the input!


AD
10 REPLIES
Pete Randall
Outstanding Contributor

Re: Encrypting Ignite backups

If you're using Ignite as intended, the only thing on your Ignite backup is your root volume group image - just the OS - no data. Why would you need to encrypt that?

Any data should be backed up separately, by conventional means and encryption can be addressed then.


Pete

James R. Ferguson
Acclaimed Contributor

Re: Encrypting Ignite backups

Hi:

What is your concern? Treat your Ignite backup (tape) exactly as you would _ANY_ data or backup from your site!

Do you encrypt every other backup you do?

The Ignite image is a 'pax' archive written to a tape after a LIF file.

Regards!

...JRF...
Fabian Briseño
Esteemed Contributor

Re: Encrypting Ignite backups

Like they told you above, if you are only backing up operating system data, there is really no need to encrypt.

Ignite does not recommend backing up any other type of data if it is not OS data.

You can use fbackup to back up application data, and if I remember correctly there is an "encrypt" command in Unix (not sure if this is what you are looking for); do a man encrypt for more information.
Knowledge is power.
adam donald
Occasional Advisor

Re: Encrypting Ignite backups

While not exactly what I was looking for, I do appreciate the responses - again thanks for the input.


AD
A. Clay Stephenson
Acclaimed Contributor

Re: Encrypting Ignite backups

If you are really serious about this (and there is a need for off-line encryption of data) then I would consider a hardware solution. There are a number of devices that sit in the middle of a SCSI bus and transparently encrypt and decrypt data. Such a device will nicely fit your needs. I do agree that there are data on an Ignite tape that could cause problems if it were compromised --- most notably the password data. There are also some audit requirements that all offline data be encrypted so your need may be legitimate.

Have a look at a device like this:
http://www.avax.com/paranoia2.html
If it ain't broke, I can fix that.
whiteknight
Honored Contributor

Re: Encrypting Ignite backups


Adam,

Maybe EVFS is able to help you address the data encryption issue.

EVFS also has been tested with HP OpenView Storage Data Protector to provide additional backup options.

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=EVFS

WK
Problem never ends, you must know how to fix it
Steven E. Protter
Exalted Contributor

Re: Encrypting Ignite backups

Shalom,

http://software.hp.com

Search for Internet Express, take the pgp package.

Install it. You will then be able to encrypt your ignite backups after they are created. There is no way to encrypt the datastream.

I was 100% with what Pete and JRF said until I remembered where I worked. We are just the type of place that might want to encrypt an Ignite backup.

Good Luck,

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
eric roseme
Respected Contributor

Re: Encrypting Ignite backups

Hi Adam,

HP-UX EVFS can do this very easily, and it is free. You need 11iv2 or 11iv3 0709 Fusion release. You will need to download it from the web (software.hp.com) - it is not on the CDs until 0712.

Go to the Admin Guide (http://www.docs.hp.com/en/5991-5390/5991-5390.pdf) and look at page 110. There is a step-by-step cookbook of how to create an encrypted backup tape using EVFS.

I have .ppt slide decks from the HP Tech Forum 2005/2006/2007 if you need a quick overview of how it works.

Eric Roseme
Hewlett-Packard
A. Clay Stephenson
Acclaimed Contributor

Re: Encrypting Ignite backups

Since you are not using an Ignite server there is a fundamental problem with all solutions other than an inline encryption engine. How do you plan to use dd or an encrypted file system when the box is down? You would have to have at least two systems that are capable of encrypting the data. The inline encryption engine implicitly handles this scenario although for full disaster recovery, you would have to have a spare engine at your DR site.
If it ain't broke, I can fix that.
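
Added example (not posted by anyone in this thread): a sketch of the "encrypt the disk file, decrypt it later" steps from the opening question, with a digest check so a damaged or wrongly decrypted image is never handed back to 'dd'. It assumes an OpenSSL build that supports -pbkdf2 as a stand-in for whichever encryption tool is chosen; the function names, file names and passphrase file are hypothetical, and a constructed file stands in for the image read off the tape.

```shell
#!/bin/sh
# Added example, not Ignite-UX tooling. All names below are assumptions.

digest() {  # print the SHA-256 of file $1 as hex
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# encrypt_image IMAGE PASSFILE
# Writes IMAGE.enc (ciphertext) and IMAGE.sha256 (digest of the plaintext).
encrypt_image() {
    img=$1 pass=$2
    digest "$img" > "$img.sha256" || return 1
    openssl enc -aes-256-cbc -pbkdf2 -salt \
        -pass "file:$pass" -in "$img" -out "$img.enc" || return 1
}

# decrypt_image IMAGE PASSFILE OUT
# Leaves OUT in place only if decryption succeeds and the digest matches.
# CBC on its own does not detect corruption, so the digest check is what
# catches a damaged file or a wrong passphrase that slips past padding.
decrypt_image() {
    img=$1 pass=$2 out=$3
    if ! openssl enc -d -aes-256-cbc -pbkdf2 \
            -pass "file:$pass" -in "$img.enc" -out "$out" 2>/dev/null; then
        rm -f "$out"; return 1
    fi
    if [ "$(digest "$out")" != "$(cat "$img.sha256")" ]; then
        rm -f "$out"; return 2
    fi
}

# Round trip on a constructed stand-in for the file that dd produced.
roundtrip_demo() {
    d=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$d/tape.img" bs=1024 count=64 2>/dev/null
    printf 'constructed-passphrase\n' > "$d/pass"
    encrypt_image "$d/tape.img" "$d/pass" &&
        decrypt_image "$d/tape.img" "$d/pass" "$d/restored.img" &&
        cmp -s "$d/tape.img" "$d/restored.img"
    rc=$?; rm -rf "$d"; return $rc
}
```

Only an image for which decrypt_image returns 0 would be written back to tape; the plaintext copy on disk should be removed once the encrypted file and its digest are stored.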