Tchater maintenant avec le support
Tchattez avec un ingénieur du support

DR Series Software 3.2.6 - Administrator Guide

Introduction to the DR Series System Documentation Understanding the DR Series System Setting Up the DR Series System Hardware Configuring the DR Series System Settings Managing DR Series Storage Operations Monitoring the DR Series System Using Global View Using the DR Series System Support Options Configuring and Using Rapid NFS and Rapid CIFS Configuring and Using Rapid Data Access with Dell NetVault Backup and with Dell vRanger Configuring and Using RDA with OST
Understanding RDA with OST Guidelines Terminology Supported RDA with OST Software and Components Best Practices: RDA with OST and the DR Series System Setting Client-Side Optimization Configuring an LSU Installing the RDA with OST Plug-In Configuring DR Series System Information Using NetBackup Backing Up Data From a DR Series System (NetBackup) Using Backup Exec With a DR Series System (Windows) Understanding the OST CLI Commands Understanding RDA with OST Plug-In Diagnostic Logs Collecting Diagnostics Using a Linux Utility Guidelines for Gathering Media Server Information
Configuring and Using VTL Configuring and Using Encryption at Rest Troubleshooting and Maintenance Supported Ports in a DR Series System Getting Help

Encryption at Rest and DR Series Considerations

Encryption at Rest and DR Series Considerations

This topic describes key features and considerations of using Encryption at Rest in the DR Series system.

Key Management — In internal mode there is a maximum limit of 1023 keys. By default when encryption is enabled on the system, the key rotation period is set to 30 days. Users can later change the key rotation period from 7 days to 70 years, while configuring internal mode of encryption.
Performance Impacts — Encryption should have minimal to zero impact on both backup and restore workflows.

It should also have no impact on the replication workflows.
Replication — Encryption must be enabled on both the source and target DR Series systems to store encrypted data on the systems. This means that encrypted data on the source does not automatically imply that when it is replicated to the target it will be encrypted unless encryption is explicitly turned ‘ON’ on the target DR Series system.
Seeding — Encryption must be enabled on both the source and target DR Series systems to store encrypted data on the systems. If seeding is configured for encryption, then the data will be re-encrypted and stored. When the data stream is imported onto the target from the seed device, the stream will be encrypted as per the target policy and stored.
Security Considerations for Passphrase and Key Management
A passphrase is very important part of the encryption process on the DR Series system as the passphrase is used to encrypt the content encryption key or keys. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable.
The administrator should closely consider security requirements to drive the decision for selecting the mode of key management for the DR Series system.
The Internal mode is more secure than the Static mode since the keys are periodically changed. Key rotation can be set to 7 days minimum.
Key modes can be changed at any time during the lifetime of the DR Series system; however, changing the key mode is a significant operation to undertake as all encrypted data must be re-encrypted.
Content encryption keys are stored in their encrypted form in a primary keystore, which is maintained on the same enclosure as the data-stores. For redundancy purposes, a backup copy of the primary keystore is stored on the system in the root partition, separate from the data-store partitions.
Parent topic 

Understanding the Encryption Process

Understanding the Encryption Process

The overall steps for how Encryption at Rest is enabled and used in the DR Series system are described below.

Setting a passphrase.
Encryption is disabled by default on a factory installed DR Series system (running version 3.2 software or later) or a DR Series system that has been upgraded to version 3.2 from a previously released version.

The administrator must set a passphrase as the first step in configuring encryption. This passphrase is used to encrypt the content encryption keys, which adds a second layer of security to the key management.

2.
Enabling encryption and setting the mode.
The administrator should enable encryption by using the GUI or CLI. At this time, the mode is also set. The default key management mode is “internal” mode, in which key rotation happens periodically as specified by the set key rotation period.
3.
Encryption process.
After encryption is enabled, the data on the DR Series system that gets backed up is encrypted and is kept encrypted until it is expired and cleaned by the system cleaner. Note that the encryption process is irreversible.
4.
Encryption of pre-existing data. Any pre-existing data on a DR Series system will also be encrypted using the currently set mode of key management. This encryption occurs as part of the system cleaner process. Encryption is scheduled as the last action item in the cleaner workflow. You must launch the cleaner manually using the maintenance command to reclaim space. It then encrypts all pre-existing unencrypted data. The cleaner can also be scheduled as per the existing pre-defined cleaner schedule.
 
NOTE: The cleaner can take some time to start the encryption process if the system is nearing full system capacity. Encryption starts only after the cleaner processes data slated for cleaning and the related logs. This ensures that space reclamation is prioritized when free space is low and also ensures that data stores are not redundantly encrypted.

Refer to the following topics for more information about enabling encryption and using the system cleaner in the GUI.
Managing Encryption Operations
Creating a Cleaner Schedule

Refer to the Dell DR Series System Command Line Reference Guide for information about the CLI commands used for encryption.

Parent topic 

Troubleshooting and Maintenance

Troubleshooting and Maintenance

DR Series System Alert and Event Messages
About the Diagnostics Service
About the DR Series System Maintenance Mode
Scheduling DR Series System Operations
Creating a Cleaner Schedule

This topic provides an overview of the basic troubleshooting and maintenance information that is available to help you better understand the current state of your DR Series system. The following list of information sources can aid you in understanding the current state of and maintaining your system:
System alert and system event messages, for more information, see DR Series System Alert and Event Messages, which provides a tables that list the system alerts and system events.
Diagnostics service, for more information, see About the Diagnostics Service.
Maintenance mode, for more information, see About the DR Series Maintenance Mode.
Scheduling system operations, for more information, see Scheduling DR Series System Operations.
Scheduling Replication operations, for more information, see Creating a Replication Schedule.
Scheduling Cleaner operations, for more information, see Creating a Cleaner Schedule.
 
 

Troubleshooting Error Conditions

Troubleshooting Error Conditions

To troubleshoot error conditions that disrupt your normal DR Series system operations, complete the following:

Generate a DR Series system diagnostics log file bundle if one has not already been automatically created.
For more information, see Generating a Diagnostics Log File.
2.
Check the system alert and system event messages to determine the current status of your DR Series system.
For more information, see DR Series System Alert and Event Messages, Monitoring System Alerts, and Monitoring System Events.
3.
Verify if the DR Series system has recovered or whether it has entered into Maintenance mode.
For more information, see About the DR Series System Maintenance Mode.
4.
If you cannot resolve the issue using the information in this DR Series system documentation, then read Before Contacting Dell Support, and seek assistance from Dell Support.
Parent topic 
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation