
QoreStor 7.5.2 - User Guide


Guidelines for configuring VTL

The overall steps and recommended guidelines for using and configuring a virtual tape library (VTL) with QoreStor are described below.

Plan your Environment

Determine the following before creating a container of type VTL.

  • Identify the Data Management Application (DMA) that you will be using to back up data. Refer to the QoreStor Interoperability Guide for a complete list of the supported DMAs.
  • For the NDMP protocol, determine the filer that will be backed up using NDMP. Refer to the QoreStor Interoperability Guide for a list of the supported filers and operating systems.
  • For the iSCSI protocol, determine the iSCSI initiator’s properties: the DMA IP, hostname, or IQN of the software initiator on the operating system.
  • Assess the estimated size of full and incremental backups and retention periods.

    NOTE: The size of the full and incremental backups will determine the tape capacity size that you set. You should use a larger tape size for full backups and a smaller size for incremental backups that have smaller retention periods. Note that faster expiration periods of incremental backups residing on smaller tapes result in the release of space back to the system for future backups.

Create Containers of Type VTL

  • Determine the VTL library type (NDMP or iSCSI) that you should be using as per the suggested type in the best practices guide of your preferred DMA.

    Refer to the QoreStor documentation, which includes DMA best practices whitepapers for your specific QoreStor version at support.quest.com/qorestor.

  • When creating the container in the GUI or by using the CLI, you will need to set the connection type of either NDMP or iSCSI. You need to provide either the DMA IP/hostname for NDMP or the IP/hostname or IQN for an iSCSI connection type.

    Refer to the topics, Creating a container and Creating a VTL type container, for detailed instructions about creating containers. Refer to the QoreStor Command Line Interface Guide for details about the CLI commands for creating containers.

Authentication/User Management Considerations

  • You can use the following commands to view user information for the iSCSI user (iscsi_user) and the NDMP user (ndmp_user):
    • iscsi --show
    • ndmp --show

    Refer to the QoreStor Command Line Reference Guide for more details about using these commands.

  • For iSCSI, you need to set the system-wide CHAP account for the QoreStor system. You can add this user on the Users page in the QoreStor GUI. See the topic, Adding a user, for instructions for adding an iSCSI user and password.
  • For NDMP, you can set the password for ndmp_user by using the Users page in the QoreStor GUI. These credentials are needed for configuring the NDMP-VTL in the DMA. See the topic, Adding a user, for instructions for adding an NDMP user and password.

Verify the Tape Library Creation

You can easily check that the library has been created and is available for use by using the following commands.

  • Check the container properties by executing the following command:

    container --show --verbose

    • Upon initial addition of the connection, the NDMP/iSCSI connection status shows as “Added”. At this time, the library is not officially created.
    • After a few minutes, the NDMP/iSCSI connection status changes to “Available”. This status indicates that the library is online, and the tape drives and media are available for usage.
  • To check the status of the virtual tape library and all the tapes in the library, you can run one of the following commands:
    • vtl --show
    • vtl --show --name <container_name> --verbose
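The status check above can be scripted so that DMA configuration starts only once the library reports “Available”. The following is an added example, not part of the QoreStor documentation or tooling: the function names, the SHOW_CMD variable, and the rule used to find the status in the command output are assumptions to adapt to the output of your QoreStor version.

```shell
#!/bin/sh
# Added example. Assumption: the verbose container output has a line that
# mentions "status" together with the word Added or Available, the two
# connection states named in the guide. Adjust the matching to the real output.
SHOW_CMD=${SHOW_CMD:-container --show --verbose}

# conn_status: read the command output on stdin and print
# Available, Added, or unknown.
conn_status() {
    awk 'tolower($0) ~ /status/ {
             if ($0 ~ /Available/) { print "Available"; found = 1; exit }
             if ($0 ~ /Added/)     { seen_added = 1 }
         }
         END { if (!found) print (seen_added ? "Added" : "unknown") }'
}

# wait_available TIMEOUT_SECONDS INTERVAL_SECONDS
# Poll until the connection status is Available. Returns 1 on timeout so a
# provisioning script never configures the DMA against a library that is
# still in the Added state.
wait_available() {
    deadline=$(( $(date +%s) + $1 ))
    while :; do
        st=$($SHOW_CMD 2>/dev/null | conn_status)
        [ "$st" = "Available" ] && return 0
        [ "$(date +%s)" -ge "$deadline" ] && {
            echo "timed out, last connection status: $st" >&2
            return 1
        }
        sleep "$2"
    done
}
```

For example, `wait_available 600 15 && vtl --show` polls every 15 seconds for up to ten minutes before listing the library.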

Configure the Library in the DMA

See the QoreStor documentation, which includes DMA best practices whitepapers for your specific QoreStor version at:

support.quest.com/qorestor.

Configuring and Using Encryption at Rest

This chapter introduces the concept of Encryption at Rest as used by QoreStor as well as related concepts and tasks.

NOTE: Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore, may not be available in your locale.

Understanding Encryption at Rest

Data that resides in QoreStor can be encrypted. When encryption is enabled, QoreStor uses the industry-standard FIPS 140-2 compliant 256-bit Advanced Encryption Standard (AES) encryption algorithm to encrypt and decrypt user data. The content encryption key derives from the passphrase, which you assign to a specified storage group, and is managed by the key manager, which operates in either a Static mode or an Internal mode. In Static mode, a global, fixed key is used to encrypt all data. In Internal mode, key lifecycle management is performed, in which the keys are periodically rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days.

A user-defined passphrase is used to generate a passphrase key, which is used to encrypt the content encryption keys. It is mandatory to define a passphrase to enable encryption. The system supports up to a limit of 1023 different content encryption keys. All streams of a data-store are encrypted or re-encrypted with the same content encryption key. QoreStor statistics consistently report the number of bytes encrypted and decrypted.
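The key hierarchy described above (passphrase, passphrase key, encrypted key file, content encryption keys) can be modelled with the openssl command-line tool. This is an added illustration, not QoreStor's implementation: the use of PBKDF2, AES-256-CBC, the keystore layout, the KS_PASS variable, and all function names are assumptions; only the 255-byte passphrase limit and the 1023-key limit come from this guide.

```shell
#!/bin/sh
# Added illustration of the hierarchy, not QoreStor code. The exported
# variable KS_PASS (hypothetical name) holds the passphrase.
MAGIC="EXAMPLE-KEYSTORE-V1"

# wrap ENC_FILE: encrypt the keystore read from stdin under a key derived
# from the passphrase (PBKDF2 here is an assumption).
wrap() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -pass env:KS_PASS -out "$1"
}

# unwrap ENC_FILE: print the keystore; fail on a wrong passphrase. The header
# comparison only detects a wrong key, it is not tamper protection.
unwrap() {
    out=$(openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass env:KS_PASS -in "$1" 2>/dev/null) || return 1
    [ "$(printf '%s\n' "$out" | head -n 1)" = "$MAGIC" ] || return 1
    printf '%s\n' "$out"
}

# init_keystore ENC_FILE: create a keystore that holds content key number 1.
init_keystore() {
    len=$(printf '%s' "$KS_PASS" | wc -c)
    # A passphrase is mandatory and may be up to 255 bytes long.
    [ "$((len))" -ge 1 ] && [ "$((len))" -le 255 ] || return 1
    printf '%s\n1 %s\n' "$MAGIC" "$(openssl rand -hex 32)" | wrap "$1"
}

# rotate_cek ENC_FILE: append a new 256-bit content key. Earlier keys are
# kept in the file so data written under them stays readable.
rotate_cek() {
    ks=$(unwrap "$1") || return 1
    n=$(printf '%s\n' "$ks" | wc -l)   # header line + existing keys = next id
    n=$((n))
    [ "$n" -le 1023 ] || return 1      # limit of 1023 content encryption keys
    printf '%s\n%s %s\n' "$ks" "$n" "$(openssl rand -hex 32)" | wrap "$1"
}
```

Bulk data is encrypted under the content keys and is never touched by the passphrase directly, so losing the passphrase makes every content key, and therefore all encrypted data, unrecoverable.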

Encryption at Rest Terminology

This topic introduces and briefly defines some basic encryption at rest terminology used in QoreStor documentation.

Term Description

Passphrase

A passphrase is a sequence of words or other text used to control access to data, similar to a password in usage, but is generally longer for added security. The QoreStor passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human-readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.

Content encryption key

The key used to encrypt the data. The content encryption key is managed by the key manager, which operates in either a static mode or an internal mode. The system supports up to a limit of 1023 different content encryption keys.

Key management mode

The mode of key lifecycle management as either static or internal.

Static mode

A mode of key management in which a fixed key is used to encrypt all data and is global for each storage group, which lets you configure static mode for one storage group and internal mode for another storage group.

Internal mode

A mode of key lifecycle management in which the keys are periodically generated and rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days.
