Source:FAQ - Encryption & Compression

From SEPsesam
Other languages:

What encryption types are available with SEP sesam?

SEP sesam provides data encryption types on different levels: backup-task encryption for savesets (set in the backup task), Si3 encryption for Si3 deduplication store, and hardware-based LTO encryption for LTO tape drives (generation 4 and higher), which is done on a media pool level. For every encryption you must create and store an encryption key.

How to encrypt an Si3 deduplication store?

You can encrypt an Si3 deduplication store by setting the deduplication security password directly in the drive properties for the first drive. For details, see Encrypting Si3 Deduplication Store.

When encryption is selected before transferring data to the server, does SEP sesam perform compression before encrypting the data?

Data encrypted by the system and transferred to the server will be compressed if stored to tape using the manufacturer's compression algorithms.

Where is the encryption key stored?

The encryption key is stored in the SEP sesam database. If the encryption key is changed, the subsequent task will be executed with the new key and the new key will be stored in the SEP sesam database.

A restore uses the stored encryption key.

How to set compression?

Compression for backup to virtual tape media

To activate compression for backing up to a Path data store, modify the file sms.ini under /var/opt/sesam/var/ini/ on the system where the data store is configured (SEP sesam Server or RDS). Locate the section [SMS_Server] and enter the following key: 

Compresslevel=1

Save your changes and restart the SEP sesam Server or RDS for the changes to take effect.

Note that Si3 deduplication store always uses compression for the deduplicated data.

Compression on tape drives

Compression is done by the drive itself. Use the SEP sesam tool slu to check whether compression is activated or deactivated.

  1. Display a list of attached SCSI devices.
    2. slu topology is a SEP sesam SCSI loader utility that provides information about the loaders and drives connected to the system and their relation. To be able to run the SEP sesam commands globally, you must first set up a profile as described in FAQ: What happens when I set a profile?
    Then run slu topology to list all attached SCSI devices as follows: 
      <SESAM_BIN>/sesam/slu topology

    For details on the output, see Using slu topology for detecting devices.

  2. Check the tape drive settings:
    3.   [root@sinus sesam]# ./slu <b>0020</b> -s
  Tape Info
  Read Attribute not supported
  internal_status_byte= 0x0
  buffered_mode= 1
  block_length= 0 (variable)
  media_type= unknown (0)
  write_protect= 0
  density_code= 44
  <b>compression= 1</b>
  STATUS= SUCCESS MSG= "OK"

    If compression is set to 1, drive compression is active. Setting the compression can also be done with slu or alternatively with the Linux tool mt.

  3. Activate compression:
    4.   [root@sinus sesam]# slu <b>0020</b> -c 1
  DCE= 1
  DATA COMPRESSION ENABLE:1
  TRY MODE SELECT (6) SET COMPRESSION DCE
  compression= 1
  DONE MODE SELECT (6) SET COMPRESSION DCE
  STATUS= SUCCESS MSG= "OK"

    On Windows systems, check if the compression is enabled in the Device Options. When performing a check, make sure that the tape is in the drive.

    Tape-compression.jpg

Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.
Retrieved from "https://wiki.sep.de/wiki/index.php?title=Source:FAQ_-_Encryption_%26_Compression&oldid=351270"