
Install MSEO on Media server using an appliance 5220 with media server role

Created: 04 Feb 2013 | 9 comments
Rami Nasser's picture

Hi All,

I kindly need your help in installing MSEO on a media server, using an appliance 5220 with the media server role!

Any direct steps to configure MSEO would be better for me.

Thanks and appreciated


Marianne's picture

Any reason why you need MSEO encryption?

Modern LTO tape drives come with built-in encryption that can be used with KMS feature in NBU.
Extract from Sec and Encr guide:

The NetBackup Key Management Service (KMS) feature is included as part of the
NetBackup Enterprise Server and NetBackup Server software. An additional license
is not required to use this functionality.

See http://www.symantec.com/docs/TECH67972

and NetBackup Security and Encryption Guide http://www.symantec.com/docs/DOC5185

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows
Handy NBU Links

Rami Nasser's picture

This is a request of the customer. He wants to use hardware encryption for the tape drive.

Option I: NetBackup client encryption

Option II: Media Server Encryption

Option III: Third-party encryption appliances and hardware devices

Regards,

Mark_Solutions's picture

Totally with Marianne here - KMS is the way to go - hardware based encryption dealt with by NetBackup.

I think you would need to open a case with Symantec to see if MSEO is supported on an appliance, as there is nowhere in its interfaces (Web or CLISH) to set it up, which would mean going into its O/S to do anything.

The only thing on an appliance, as far as I am aware, is under Settings - DeDuplication, where there is an encryption option

But KMS would be best

Check with Support first

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someone's advice has solved your issue - and please bring back the Thumbs Up!!

RLeon's picture

"using an appliance 5220 with media server role"

KMS should be fine if you are only using the 5220 as a media server.

Please note that neither KMS nor NBAC is supported if the 5220 is configured as a master server.
MSEO is simply not supported.

Please refer to the Netbackup Appliance section in the Netbackup Hardware Compatibility List:
http://www.symantec.com/business/support/index?pag...

Rami Nasser's picture

There are many things:
- What about the extra load of encryption?
- Client encryption is a checkbox in the policy and from the client host properties, as shown in the pic.
- How to set the encryption in the appliance, as there are no commands that indicate how to set it up, as Mark said, or can it be managed by the master server?
- If the customer will use the encryption features in NetBackup, is there any hardware requirement?

I believe that, as Marianne said, there is the KMS way to encrypt besides the client-side encryption. I suggest that if there is load on the current media server, you can add another media server (appliance) or a physical one for load balancing.

Appreciate your support

snapshot for client encryption.png
Mark_Solutions's picture

Client encryption is not good - and if you use de-dupe it will not be able to de-dupe the data so it may as well be all advanced disk

If you do it as KMS there is very little load (negligible) as the work is done at the firmware level of the tape drive - it simply queries NetBackup for the key to use

It is very straightforward to set up and works without even being noticed by NetBackup - all details are in the Security admin guide mentioned earlier

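Added example, not part of the original thread: a small simulation of why data encrypted on the client stops deduplicating, using two constructed nightly backups that differ in one segment. The 4 KiB fixed segment size, the SHA-256 counter-mode stand-in cipher (not AES or any NetBackup algorithm) and the fresh nonce per backup are all assumptions made for illustration.

```python
import hashlib

CHUNK = 4096  # assumed fixed segment size; real dedupe engines segment differently


def keystream_encrypt(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)


def chunk_counts(streams):
    """Return (total, unique) segment counts as a fingerprinting store sees them."""
    seen, total = set(), 0
    for stream in streams:
        for off in range(0, len(stream), CHUNK):
            seen.add(hashlib.sha256(stream[off:off + CHUNK]).digest())
            total += 1
    return total, len(seen)


def segment(label: bytes) -> bytes:
    """Constructed 4 KiB segment whose content is derived from a label."""
    return hashlib.sha256(label).digest() * (CHUNK // 32)


def demo():
    # Constructed sample: night 2 equals night 1 except for one changed segment.
    night1 = b"".join(segment(b"file-%d" % i) for i in range(16))
    night2 = night1[:CHUNK] + segment(b"changed") + night1[2 * CHUNK:]
    plain = chunk_counts([night1, night2])

    key = hashlib.sha256(b"constructed demo key").digest()
    # Assumption: each backup job encrypts under a fresh nonce, so identical
    # plaintext yields different ciphertext and no fingerprint ever repeats.
    enc = chunk_counts([
        keystream_encrypt(night1, key, b"backup-1"),
        keystream_encrypt(night2, key, b"backup-2"),
    ])
    return plain, enc


if __name__ == "__main__":
    for name, (total, unique) in zip(("plaintext", "client-encrypted"), demo()):
        print(f"{name}: {total} segments sent, {unique} stored")
```

Unencrypted, the second backup adds only the one changed segment to the store; encrypted before it reaches the dedupe engine, every segment is stored again.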

Michellynn's picture

"Client encryption is not good - and if you use de-dupe it will not be able to de-dupe the data so it may as well be all advanced disk"

We are currently facing this issue with our environment.

We have a FIPS requirement to encrypt at AES-256 level... which can only be done at the client level (our Symantec appliances only support Blowfish).

As a result, backup performance has been very poor and obviously de-dupe is not occurring.

Any suggestions for how to work around this?

Mark_Solutions's picture

If that is your requirement then I guess there is no real way around it and appliances just were not the right thing for you.

Based on what you have to have in place your only real option is to clear the de-dupe volume down and then shrink it and expand the advanced disk volume and use that instead - at least that will give you better performance as it will not be trying to de-dupe something which is not de-dupable!

Hope this helps


Marianne's picture

Please have a look at this blog - it covers encryption options with NBU dedupe / appliances:

https://www-secure.symantec.com/connect/blogs/power-netbackup-deduplication-distributed-processing-and-secure-backup-streams 
