Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Netting Out NetBackup

The power of NetBackup Deduplication: Distributed processing and secure backup streams

Created: 13 Apr 2011 • Updated: 22 Jan 2013 • 2 comments
AbdulRasheed's picture
+3 3 Votes
Login to vote

Data deduplication is the most popular form of storage capacity optimization.  Deduplication makes it possible to store more on disk with less backend storage, hence it is a very promising method to eliminate or minimize tape as the backup medium.

The traditional deduplication appliances may reduce the storage required for backups, but it still does not address key issues in data protection for enterprise data centers.

  1. Shrinking backup windows: The data needs to be streamed to a backup server before it can be written to deduplication storage, hence the backup servers still need resources at the same or higher level as was the case before introducing the deduplication device.  As the production data size increases, the backup infrastructure would need to be upgraded or expanded to maintain the backup window.
  2. Flooded network infrastructure: The traditional deduplication appliances are typically end points in a backup stream. These deduplication appliances typically have an Ethernet based or Fibre Channel based connection to the backup server, the production clients need to use the network to reach the backup server before data can be sent to deduplication device. Additional dedicated networking infrastructure may be required to reduce the impact on production network.
  3. Security: Encrypted backup streams cannot be deduplicated as deduplication technique relies on identifying redundant information in the stream. With third party appliances, even the most critical production servers with extremely confidential data need to stream backups to backup server without encrypting at source.

With NetBackup Deduplication which is also available in appliance form factor, you don’t have to worry about any of the above. The data deduplication can be done on client (source deduplication) or on backup servers (target deduplication).  By offloading most of the deduplication processing overhead to clients, there is no need to keep adding media servers or adding additional network bandwidth as frontend data size grows.  

NetBackup appliances provide two levels of security for backup streams. When using client side deduplication, the unique segments of data are sent to appliance over secure socket layer (SSL) and hence not getting exposed to risks in transit. Additionally, encryption may be configured which occurs on client after deduplication processing is done but before the data enters the network. Thus NetBackup appliances can use encryption for data before transit and it stays encrypted on storage at rest.

Whether you want to deduplicate and encrypt on client or on target backup server can be set on per client basis, per media server basis or globally for all clients.  Third party deduplication appliances can only do target deduplication and provide encryption just for the data at rest. 

 Blogs in this series

The power of NetBackup Deduplication: Distributed processing and secure backup streams (this blog)

The power of NetBackup Deduplication: Application awareness and global deduplication

The power of NetBackup Deduplication: Flexibility and scalability

Comments 2 CommentsJump to latest comment

Gautier Leblanc's picture

Hi Rasheed,

I have 2 questions (not too idiot I hope) :

1) One of my customer wants to be sure that it is the only people able to restore his own data. He wants to provide himself encryption key and use it with NetBackup appliances. Is it possible without decrease deduplication rate ?  I'm pretty sure that it is not possible...

2) If I use encryption feature on all clients, with the same customer encryption key evreywhere, will deduplication be good ? I think that encrytion is done before deduplication, so datasteamer will be inoperative, but I am not able to evaluate global dedup impact (I am afraid it is violent).

 

Thank you.

 

 

0
Login to vote
RecioLola's picture

Hi Abdul,

We have an 5220 appliance , but some of our clients have 6.5.6 version because they have old linux version (32 bits) and couldn't install 7.5 version on them.

How is the correct way to implement security in those clients then? Because in those clients I couldn't apply client side deduplication.

What is correct way to do compressing too ?. On the master server? ( appliance)

Could you help me?.

Thanks in advance.

Best Regards.

 

0
Login to vote