Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Backup Exec; Encrypt media to prevent unauthorized access if it is lost or stolen?

Posted on 2006-06-14
11
Medium Priority
?
1,572 Views
Last Modified: 2013-12-01
Running Backup Exec V9.1 Small Business Suite on Microsoft Small Business Server 2003 and considering options to encrypt media to prevent unauthorized access if it is lost or stolen becuase it is taken off-site.

Features currently in use include;

File System (data only)
Exchange Information Stores & Mailboxes
System State

Features not in use;

SQL Server
Intelligent Disaster Recovery
Remote Agents

There is only 1 domain controller!

Is it possible to acheive this through Backup Exec or would we be looking at EFS?

If so how is Backup Exec configured?

What precautions need to be taken to ensure a successful restoration of the back up data on to a new server after complete loss of the existing one?

Any help most appreciated!

Neil
0
Comment
Question by:ITHELP-BOCS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 30

Assisted Solution

by:Duncan Meyers
Duncan Meyers earned 800 total points
ID: 16908653
The new DLT-4S tapes offer on-drive encryption (http://www.quantum.com/Products/TapeDrives/DLT/dlt-s4/Index.aspx). Other than that, you're looking at boxes from companies like Decru http://www.decru.com/ or Sun http://www.sun.com/storagetek/secure.jsp to do in-line encryption of data.
0
 
LVL 88

Expert Comment

by:rindi
ID: 16909007
You can password protect the media through BE if that is secure enough for you.

You do need the remote agent running on the server in order to make a backup of exchange, even if exchange is running on the same server!
0
 
LVL 30

Expert Comment

by:Duncan Meyers
ID: 16909022
From memory, though, that doesn't encrypt the tape data?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 88

Expert Comment

by:rindi
ID: 16909222
No, that's why I added "if that's secure enough for you".
0
 
LVL 30

Expert Comment

by:Duncan Meyers
ID: 16909227
I couldn't remember if BE 9.1 encrypted or not and I was too lazy to google it...

:-)
0
 
LVL 88

Expert Comment

by:rindi
ID: 16909422
And I mainly wanted to point out that the remote agent was needed to backup exchange...

:-)
0
 

Author Comment

by:ITHELP-BOCS
ID: 16909772
I would prefer not to buy any additional hardware or software and am looking for a solution using what we already have; Small Business Server 2003 , Veritas Backup Exec V9.1 and a Dell PowerVault 110T VS160 DLT drive.

Is the answer that BE V9.1 doesn't have functionality to encrypt the media?

Is using EFS in Windows Server 2003 an options?

Thanks for your help.

Neil
0
 
LVL 88

Accepted Solution

by:
rindi earned 1000 total points
ID: 16909824
Sure, that is an option. Just make sure you don't backup the en- and decryption keys to the tape itself, but to some other backup media (floppy/CD), and keep these Keys separate to the backup. Again, if the security provided by a password alone is enough, just use that.

But again, you do need the remote agent, or you can't backup exchange server using BE.
0
 

Author Comment

by:ITHELP-BOCS
ID: 16909916
Rindi,

OK, thanks for the advice about the remote agant for Exchange.

What does "Password Protect Media" option in BE actually do? My understanding is that it's meant to prevent accidental overwritting of the media and not unauthorized access?

Also, with regard to backing up Exchange / using EFS on Exchange files - even if the EDB's, STM's and LOG's are encrypted, will this prevent access to when the data has been restored to another server because, my understanding is that BE doesn't backup the files like that, rather it extracts the information and backs it up in it's own format (especially in regard to Exchange Mailboxes brick level backup).

Any more advice appreciated.

Neil

0
 
LVL 88

Expert Comment

by:rindi
ID: 16909980
It'll require you to enter the password when restoring data. I'm not very sue about how encryption works within exchange, but it should also work with encryption keys, so as long as these keys are kept separate from the backup itself you should be safe.

Have you though of keeping the tapes in a bank's safe? This should reduce the chance of theft to a minimum.
0
 
LVL 9

Assisted Solution

by:cooledit
cooledit earned 200 total points
ID: 16932553
hi, there

If this was my task given to me from my boss to encrypt the data.

I would encrypt the data before backing it up, there are to many tools out there to hack the password on different programs.
Also this is why the safe was invented for security.

For much more high end software as "Legato Networker" there are ways to get the data out.
Do the encryption before the backup and if you really want to then on the tape itself as well/ or here you could use your safe.

Cooledit
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question