立即与支持人员聊天
与支持团队交流

DR Series Software 3.2.0.2 - Administrator Guide

Introduction to the DR Series System Documentation Understanding the DR Series System Setting Up the DR Series System Hardware Configuring the DR Series System Settings Managing DR Series Storage Operations Monitoring the DR Series System Using Global View Using the DR Series System Support Options Configuring and Using Rapid NFS and Rapid CIFS Configuring and Using Rapid Data Access with Dell NetVault Backup and with Dell vRanger Configuring and Using RDA with OST
Understanding RDA with OST Guidelines Terminology Supported RDA with OST Software and Components Best Practices: RDA with OST and the DR Series System Setting Client-Side Optimization Configuring an LSU Installing the RDA with OST Plug-In Configuring DR Series System Information Using NetBackup Backing Up Data From a DR Series System (NetBackup) Using Backup Exec With a DR Series System (Windows) Understanding the OST CLI Commands Understanding RDA with OST Plug-In Diagnostic Logs Collecting Diagnostics Using a Linux Utility Guidelines for Gathering Media Server Information
Configuring and Using VTL Configuring and Using Encryption at Rest Troubleshooting and Maintenance Supported Ports in a DR Series System Getting Help

Encryption at Rest and DR Series Considerations

Encryption at Rest and DR Series Considerations

This topic describes key features and considerations of using Encryption at Rest in the DR Series system.

Key Management — In internal mode there is a maximum limit of 1023 keys. By default when encryption is enabled on the system, the key rotation period is set to 30 days. Users can later change the key rotation period from 7 days to 70 years, while configuring internal mode of encryption.
Performance Impacts — Encryption should have minimal to zero impact on both backup and restore workflows.

It should also have no impact on the replication workflows.

Replication — Encryption must be enabled on both the source and target DR Series systems to store encrypted data on the systems. This means that encrypted data on the source does not automatically imply that when it is replicated to the target it will be encrypted unless encryption is explicitly turned ‘ON’ on the target DR Series system.
Seeding — Encryption must be enabled on both the source and target DR Series systems to store encrypted data on the systems. If seeding is configured for encryption, then the data will be re-encrypted and stored. When the data stream is imported onto the target from the seed device, the stream will be encrypted as per the target policy and stored.
Security Considerations for Passphrase and Key Management

Understanding the Encryption Process

Understanding the Encryption Process

The overall steps for how Encryption at Rest is enabled and used in the DR Series system are described below.

Encryption is disabled by default on a factory installed DR Series system (running version 3.2 software or later) or a DR Series system that has been upgraded to version 3.2 from a previously released version.

The administrator must set a passphrase as the first step in configuring encryption. This passphrase is used to encrypt the content encryption keys, which adds a second layer of security to the key management.

2.
The administrator should enable encryption by using the GUI or CLI. At this time, the mode is also set. The default key management mode is “internal” mode, in which key rotation happens periodically as specified by the set key rotation period.
3.
After encryption is enabled, the data on the DR Series system that gets backed up is encrypted and is kept encrypted until it is expired and cleaned by the system cleaner. Note that the encryption process is irreversible.
4.
Encryption of pre-existing data. Any pre-existing data on a DR Series system will also be encrypted using the currently set mode of key management. This encryption occurs as part of the system cleaner process. Encryption is scheduled as the last action item in the cleaner workflow. You must launch the cleaner manually using the maintenance command to reclaim space. It then encrypts all pre-existing unencrypted data. The cleaner can also be scheduled as per the existing pre-defined cleaner schedule.

Refer to the following topics for more information about enabling encryption and using the system cleaner in the GUI.

Refer to the Dell DR Series System Command Line Reference Guide for information about the CLI commands used for encryption.

Troubleshooting and Maintenance

Troubleshooting and Maintenance

DR Series System Alert and Event Messages
About the Diagnostics Service
About the DR Series System Maintenance Mode
Scheduling DR Series System Operations
Creating a Cleaner Schedule

This topic provides an overview of the basic troubleshooting and maintenance information that is available to help you better understand the current state of your DR Series system. The following list of information sources can aid you in understanding the current state of and maintaining your system:

System alert and system event messages, for more information, see DR Series System Alert and Event Messages, which provides a tables that list the system alerts and system events.

Troubleshooting Error Conditions

Troubleshooting Error Conditions

To troubleshoot error conditions that disrupt your normal DR Series system operations, complete the following:

Generate a DR Series system diagnostics log file bundle if one has not already been automatically created.
For more information, see Generating a Diagnostics Log File.
2.
For more information, see DR Series System Alert and Event Messages, Monitoring System Alerts, and Monitoring System Events.
3.
For more information, see About the DR Series System Maintenance Mode.
4.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级