• Conviértase en un profesional en el portal de soporte
• Descargar
• Imprimir
• Mis descargas ()

• Soporte
• Documentación técnica
• DR Series Software 4.0.3.1
• DR Series Software 4.0.3.1 - Administration Guide

DR Series Software 4.0.3.1 - Administration Guide

Navegación de contenido  

Introducing the DR Series system documentation

Understanding the DR Series system documentation Other information you might need What's new in this release Source code availability

Introducing the DR Series system

Understanding the DR Series system models DR Series data storage concepts

Data deduplication and compression Encryption at rest Streams and connections Replication

Replication seeding Reverse replication Reverse replication: alternate method Rapid Air Gap

Secure erase

Supported file system protocols

NFS CIFS

CIFS ACL support Access control list support in containers Unix permissions guidelines Windows permissions guidelines

Rapid NFS and Rapid CIFS DR Rapid for the DR Series system RDA with OST for the DR Series system

Software components and operational guidelines

Supported virtual tape library access protocols

NDMP iSCSI Fibre channel

Understanding the DR Series system hardware and data operations Understanding DR Series system hardware expansion shelf cabling Supported software and hardware

Setting up the DR Series system

Interacting with the DR Series system Networking prerequisites for the DR Series system Supported connections for initializing the DR Series system

Default IP and subnet mask addresses Local console connection iDRAC connection Accessing iDRAC6/iDRAC7 by using RACADM

Logging on and initializing the DR Series system Logging onto the system GUI for the first time

Enabling active scripting in IE Disabling the Compatibility View settings for IE

Configuring the DR Series system settings

Viewing system configuration settings Using the Configuration Wizard Registering with the Support Portal Configuring Active Directory settings

Adding a login group to an ADS domain Removing a login group

Configuring system date and time settings Configuring DR Series system enclosures Managing and viewing DR Series system licenses Configuring networking settings

Understanding the networking page and Ethernet port values

Understanding system operation scheduling

Configuring cleaner schedules

Viewing cleaner statistics

Configuring replication schedules

Configuring an SSL certificate for your DR Series system

Installing an SSL certificate Resetting the SSL Certificate Installing a CA certificate Generating a CSR

Managing storage groups

Viewing storage group information Adding a storage group Modifying a storage group Deleting a storage group

Managing users

Viewing users Adding a user Modifying a user Changing a user password Deleting a user Modifying password reset options Configuring email notification settings

Configuring share-level security for CIFS shares

Managing containers

Viewing containers Creating a container

Adding an NFS or CIFS connection type container

Moving data into a CIFS type container

Creating an OST or RDS connection type container Creating a VTL type container

Viewing VTL tape information

Editing container settings Deleting a container Viewing container statistics

Displaying container statistics by using the CLI

Managing replications

Guidelines and prerequisites for replication Viewing replication information

Viewing replication statistics by using the CLI

Adding replication relationships Modifying replication relationships Deleting replication relationships Starting and stopping replication Adding a cascaded replica

Monitoring the DR Series system

Using the Dashboard page Viewing DR Series system statistics by using the CLI Monitoring system alerts Monitoring clients Monitoring system events Monitoring system health Monitoring system usage

Using GlobalView

Understanding GlobalView Prerequisites for GlobalView Viewing and using the GlobalView page Adding a DR Series system to GlobalView Removing a DR Series system from GlobalView

Configuring and using Rapid NFS and Rapid CIFS

Rapid NFS and Rapid CIFS benefits Best practices: Rapid NFS Best practices: Rapid CIFS Setting client-side optimization Installing the Rapid NFS plug-in Installing the Rapid CIFS plug-in Determining if your system is using Rapid NFS or Rapid CIFS Viewing the Rapid NFS and Rapid CIFS logs Monitoring performance Uninstalling the Rapid NFS plug-in Uninstalling the Rapid CIFS plug-in

Configuring and using Rapid Data Access with NetVault Backup and with vRanger

Overview Guidelines for using RDA with NetVault Backup and with vRanger Best Practices: RDA with NetVault Backup and vRanger and the DR Series System Setting client-side optimization Adding RDS devices in NetVault Backup Removing RDS Devices From NetVault Backup Backing Up Data on the RDS container using NetVault Backup Replicating Data to a RDS Container using NetVault Backup Restoring data from a DR Series system by using NetVault Backup Supported DR Series system CLI commands for RDS

Configuring and using RDA with OST

Understanding RDA with OST Guidelines Terminology Supported RDA with OST software and components Best Practices: RDA with OST and the DR Series System Setting client-side optimization Configuring an LSU Installing the RDA with OST plug-in

Installing the RDA with OST plug-in for Backup Exec on Windows Installing the RDA with OST plug-in for NetBackup on Windows Uninstalling the RDA with OST plug-in for Windows Installing the RDA with OST plug-in for NetBackup on Linux Uninstalling the RDA with OST plug-in for Linux

Configuring DR Series system information using NetBackup

Using NetBackup CLI to add DR Series system name (Linux) Using NetBackup CLI to add DR Series system name (Windows) Configuring NetBackup for the DR Series system Configuring NetBackup for optimized synthetic backups Creating disk pools from LSUs Creating storage units by using the disk pool

Backing up data from a DR Series system with NetBackup

Restoring data from a DR Series system with NetBackup Duplicating backup images between DR Series systems with NetBackup

Using Backup Exec with a DR Series system (Windows)

Configuring the DR Series system with the Backup Exec GUI Creating backups on the DR Series system using Backup Exec Optimizing duplication between DR Series systems using Backup Exec Restoring data from a DR Series system with Backup Exec

Understanding the OST CLI commands Understanding RDA with OST Plug-In Diagnostic Logs

Rotating RDA with OST Plug-In Logs for Windows

Collecting diagnostics by using a Linux utility

Rotating RDA with OST plug-in logs for Linux

Guidelines for gathering media server information

Configuring and using VTL

Understanding VTL Terminology Supported virtual tape library access protocols

NDMP iSCSI Fibre channel

VTL and DR Series specifications Guidelines for configuring VTL

Configuring and Using Encryption at Rest

Understanding Encryption at Rest Encryption at Rest Terminology Encryption at Rest and DR Series Considerations Understanding the encryption process

Support, maintenance, and troubleshooting

Using the DR Series system support options

Viewing support information Viewing system diagnostic log files

Understanding diagnostics collection Generating a diagnostics log file Downloading diagnostics log files Deleting a Diagnostics Log File

Rebooting the DR Series system Shutting down the DR Series system Viewing the software upgrade page

Upgrading the DR Series system software

Restore Manager (RM)

Downloading the Restore Manager Creating the Restore Manager USB key Running the Restore Manager (RM) Resetting the Boot LUN Setting in PERC H700 BIOS After Running RM

Hardware removal or replacement

Proper shutdown and startup of the system DR Series System NVRAM

NVRAM Backup Failure Recovery NVRAM Field Replacement

Troubleshooting error conditions DR Series system alert and event messages About the DR Series system maintenance mode

Supported Ports in a DR Series system About us

• Visualización de Temas 185 - 188 de 216

×

Configuring and Using Encryption at Rest

Configuring and Using Encryption at Rest

Understanding Encryption at Rest

Encryption at Rest Terminology

Encryption at Rest and DR Series Considerations

Understanding the encryption process

This chapter introduces the concept of Encryption at Rest as used by the DR Series system as well as related concepts and tasks.

NOTE: Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore, may not be available in your locale.

Refer to the subsequent topics for more information.

Understanding Encryption at Rest

Data that resides in the DR Series system can be encrypted. When encryption is enabled, the DR Series system uses the Industry standard FIPS 140-2 compliant 256-bit Advanced Encryption Standard (AES) encryption algorithm for encrypting and decrypting user data. The content encryption key is managed by the key manager, which operates in either a Static mode or an Internal mode. In Static mode, a global, fixed key is used to encrypt all data. In internal mode, key lifecycle management is performed in which the keys are periodically rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days. A user-defined passphrase is used to generate a pass phrase key, which is used to encrypt the content encryption keys. It is mandatory to define a passphrase to enable encryption. The system supports up to a limit of 1023 different content encryption keys. All streams of a data-store are encrypted or re-encrypted with the same content encryption key. DR Series system statistics report the amount of data encrypted and decrypted bytes consistently.

Encryption at Rest Terminology

This topic introduces and briefly defines some basic encryption at rest terminology used in the DR Series system documentation.

Term	Description
Passphrase	A passphrase is a sequence of words or other text used to control access to data, similar to a password in usage, but is generally longer for added security. In the DR Series system, the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.
Content encryption key	The key used to encrypt the data. The content encryption key is managed by the key manager, which operates in either a static mode or an internal mode. The system supports up to a limit of 1023 different content encryption keys.
Key management mode	The mode of key lifecycle management as either static or internal.
Static mode	A global mode of key management in which a fixed key is used to encrypt all data.
Internal mode	A mode of key lifecycle management in which the keys are periodically generated and rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days.

Encryption at Rest and DR Series Considerations

This topic describes key features and considerations of using Encryption at Rest in the DR Series system.

•	Key Management — In internal mode there is a maximum limit of 1023 keys. By default when encryption is enabled on the system, the key rotation period is set to 30 days. Users can later change the key rotation period from 7 days to 70 years, while configuring internal mode of encryption.

•	Performance Impacts — Encryption should have minimal to zero impact on both backup and restore workflows.

It should also have no impact on the replication workflows.

•

Replication — Encryption must be enabled on both the source and target DR Series systems to store encrypted data on the systems. This means that encrypted data on the source does not automatically imply that when it is replicated to the target it will be encrypted unless encryption is explicitly turned ‘ON’ on the target DR Series system.

•

Seeding — Encryption must be enabled on both the source and target DR Series systems to store encrypted data on the systems. If seeding is configured for encryption, then the data will be re-encrypted and stored. When the data stream is imported onto the target from the seed device, the stream will be encrypted as per the target policy and stored.

•	Security Considerations for Passphrase and Key Management —

◦

A passphrase is very important part of the encryption process on the DR Series system as the passphrase is used to encrypt the content encryption key or keys. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable.

◦	The administrator should closely consider security requirements to drive the decision for selecting the mode of key management for the DR Series system.

◦	The Internal mode is more secure than the Static mode since the keys are periodically changed. Key rotation can be set to 7 days minimum.

◦	Key modes can be changed at any time during the lifetime of the DR Series system; however, changing the key mode is a significant operation to undertake as all encrypted data must be re-encrypted.

◦	Content encryption keys are stored in their encrypted form in a primary keystore, which is maintained on the same enclosure as the data-stores. For redundancy purposes, a backup copy of the primary keystore is stored on the system in the root partition, separate from the data-store partitions.

•  Anterior
• Visualización de Temas 185 - 188 de 216
• Siguiente 

Buscar este documento Buscar todos los documentos

×

 Bienvenido al portal de soporte

Puede encontrar ayuda de soporte en línea para el *producto* Quest en un sitio de soporte afiliado. Haga clic en Continuar para ser dirigido al contenido de soporte y a la asistencia adecuados para el *producto*.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Términos de uso Privacidad Cookie Preference Center