
client-side encryption over deduplication

Created: 02 Nov 2013 • Updated: 25 Jan 2014 | 7 comments
This issue has been solved. See solution.

We enabled client-side deduplication and encryption (not policy-based encryption) by adding 'agent_crypt' to the ServerOptions of the contentrouter.cfg file on the media server (NB appliance media server).

The backup job completed successfully. From the job details, I can see it was using client-side dedup, but I can't confirm whether client-side encryption is used, as I can't find the keyword 'encryption' or 'encrypted' in the job details.

How can I tell if client-side encryption over dedup has happened?



Yasuhisa Ishikawa's picture

I have no idea other than looking at packets between the client and the storage server using a sniffer like Wireshark. contentrouter.cfg is a configuration file of PureDisk, and is independent of the NetBackup application.

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

sri vani's picture

Please verify in bpbkar log and let us know the results

****

Capture the verbose logs of the bpbkar and the bpfilter process on the Client during backup
The log file should have entries specific to encryption

The bpbkar log will have these entries for each file that is backed up:

<4> PackerTAR::startObject(): INF - Data Encryption is turned ON.
<4> PackerTAR::writeEncryptionInfo(): INF - Encryption Type ID = (0)

Marianne's picture

Use bpimagelist -L to check some backups.

One of the fields in the output is 'Encrypted':

...
Compressed:        no
Encrypted:         no
Kilobytes:         2652800
Number of Files:   4507
.....
 

Your output should obviously say 'yes'.

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows
Handy NBU Links

jaite275's picture

Thanks for all the replies.

The bpbkar log from the client machine doesn't contain the keyword 'Encryption'; I need to find a way to enable its verbose logging.

bpimagelist -L shows Encrypted is no. Does this output reflect both policy-based encryption and client-side encryption over deduplication for PureDisk?

Marianne's picture

That is my understanding, but we need to test to know for sure... Unfortunately I don't have access to MSDP at the moment.

Try to force encryption on one client with a pd.conf entry (http://www.symantec.com/docs/HOWTO70637) and see what the bpimagelist result is.


jaite275's picture

I tried setting Local_Setting, Compression and Encryption to "1" in the pd.conf of one of the Windows clients. The backup job completed, but the bpimagelist output still shows both compression and encryption are No.

Has anyone tested this client-side deduplication encryption and proved it is really working?

Yasuhisa Ishikawa's picture

Compression in bpimagelist means this image is encrypted by client encryption; it does not mean deduplication encryption.

To confirm deduplication encryption works, run a test backup, capture packets, and look into the packets.

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan
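
Added example, not part of the original thread and not Symantec code: one way to "look into the packets" is to back up a file of fresh random bytes and search the captured client-to-storage-server payload for pieces of it. It assumes the capture has been exported to raw bytes and that Compression is off in pd.conf for the test, so only encryption can hide the data; all function names, the framing and the sample captures are constructed.

```python
import hashlib
import os

PROBE_LEN = 32  # bytes per search window; 32 random bytes will not match by chance

def make_canary(size=4096):
    """Fresh random test data: unique on every run, so deduplication
    cannot skip sending it (no matching fingerprint exists yet)."""
    return os.urandom(size)

def canary_windows(canary, probe_len=PROBE_LEN):
    """Split the canary into non-overlapping probes, so a match survives
    protocol framing inserted between parts of the file."""
    return [canary[i:i + probe_len]
            for i in range(0, len(canary) - probe_len + 1, probe_len)]

def check_capture(payload, canary):
    """Count how many canary probes appear verbatim in the captured bytes."""
    probes = canary_windows(canary)
    found = sum(1 for p in probes if p in payload)
    return {"probes": len(probes), "found": found,
            "plaintext_on_wire": found > 0}

def _toy_encrypt(data, key):
    """Constructed stand-in for an encrypting sender (SHA-256 keystream XOR).
    It only builds sample input here and is not NetBackup's cipher."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def demo():
    canary = make_canary()
    # Constructed captures: 8 bytes of fake framing before each 1 KiB piece.
    framed = b"".join(b"HDR\x00\x00\x04\x00\x00" + canary[i:i + 1024]
                      for i in range(0, len(canary), 1024))
    clear = check_capture(framed, canary)
    sealed = check_capture(_toy_encrypt(framed, b"constructed-key"), canary)
    return clear, sealed

if __name__ == "__main__":
    clear, sealed = demo()
    print("unencrypted capture:", clear)
    print("encrypted capture:  ", sealed)
```

A result of `found == 0` is only meaningful if the capture really contains the backup stream for the canary file, so confirm the capture size is at least the file size before trusting it.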

SOLUTION