The overall steps and recommended guidelines for using and configuring a virtual tape library (VLT) with QoreStor are described below.
Determine the following before creating a container of type VTL.
NOTE: Point to point cabling is not supported (directly attaching the QoreStor system to another system rather than using a switch), and multi-pathing is not currently supported. |
NOTE: The size of the full and incremental backups will determine the tape capacity size that you set. You should use a larger tape size for full backups and a smaller size for incremental backups that have smaller retention periods. Note that faster expiration periods of incremental backups residing on smaller tapes results in the release of space back to the system for future backups. |
Refer to the QoreStor documentation, which includes DMA best practices whitepapers for your specific QoreStor version at support.quest.com/qorestor.
Refer to the topics, Creating Storage Containers and Creating a VTL Type Container, for detailed instructions about creating containers. Refer to the QoreStor Command Line Interface Guide for details about the CLI commands for creating containers.
iscsi --show
ndmp --show
Refer to the QoreStor Command Line Reference Guide for more details about using these commands.
You can easily check that the library has been created and is available for use by using the following commands.
container --show –verbose
vtl –show
vtl --show --name <container_name> --verbose
See the QoreStor documentation, which includes DMA best practices whitepapers for your specific QoreStor version at:
support.quest.com/qorestor.This chapter introduces the concept of Encryption at Rest as used by QoreStor as well as related concepts and tasks.
|
NOTE: Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore, may not be available in your locale. |
Data that resides in QoreStor can be encrypted. When encryption is enabled, QoreStor uses the Industry standard FIPS 140-2 compliant 256-bit Advanced Encryption Standard (AES) encryption algorithm for encrypting and decrypting user data. The content encryption key is managed by the key manager, which operates in either a Static mode or an Internal mode. In Static mode, a global, fixed key is used to encrypt all data. In internal mode, key lifecycle management is performed in which the keys are periodically rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days.
A user-defined passphrase is used to generate a pass phrase key, which is used to encrypt the content encryption keys. It is mandatory to define a passphrase to enable encryption. The system supports up to a limit of 1023 different content encryption keys. All streams of a data-store are encrypted or re-encrypted with the same content encryption key. QoreStor statistics report the amount of data encrypted and decrypted bytes consistently.
This topic introduces and briefly defines some basic encryption at rest terminology used in QoreStor documentation.
Term | Description |
---|---|
Passphrase |
A passphrase is a sequence of words or other text used to control access to data, similar to a password in usage, but is generally longer for added security. The QoreStor passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption. |
Content encryption key |
The key used to encrypt the data. The content encryption key is managed by the key manager, which operates in either a static mode or an internal mode. The system supports up to a limit of 1023 different content encryption keys. |
Key management mode |
The mode of key lifecycle management as either static or internal. |
Static mode |
A global mode of key management in which a fixed key is used to encrypt all data. |
Internal mode |
A mode of key lifecycle management in which the keys are periodically generated and rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days. |
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center