Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Testing Encrypted Tapes

Created: 18 Sep 2012 | 3 comments
BFM's picture

I encrypt our tapes using the Best Practices guide for this product. 

Our IT Auditors want to test this by restoring from thes tapes back to disk.

I have done a restore and all went as planned.  However, IT Auditors are concearned this process of restore never asked me for the Encryption password.

How do I respond to this?  How can I get a good test to document?

Jim

 

Comments 3 CommentsJump to latest comment

CraigV's picture

Hi Jim,

 

Couldn't really find anything around this, but here are a couple of TNs to read through...see if they point you in the right direction:

http://www.symantec.com/business/support/index?page=content&id=HOWTO11721

http://www.symantec.com/business/support/index?page=content&id=HOWTO11722

http://www.symantec.com/business/support/index?page=content&id=HOWTO11718

...and encryption is selected for the job, correct?

Thanks!

Alternative ways to access Backup Exec Technical Support:

https://www-secure.symantec.com/connect/blogs/alte...

pkh's picture

 IT Auditors are concearned this process of restore never asked me for the Encryption password.

This is by design.  If the pass phrase is present in the media server, then you would not be prompted for pass phrase.  This is even true when the pass phrase is restricted and the id who is doing the restore is the owner of the pass phrase.

If you want to be prompted for the pass phrase, then either delete the encryption key which is used to encrypt the tape, or use a restricted pass phrase and a user who is not the owner of the restricted pass phrase.  The latter option works like this

1) use UserA to create a restricted encryption key.

2) do a backup using this restricted encryption key

3) use UserB to do the restore.

 

 

Colin Weaver's picture

Your other option is to install Backup Exec on a test server with the same tape technology attached and then try and do a Inventory, Catalog and Restore without entering the passphrase (You could even temporarily move your existing drive to the test server to prove this and then move it back.)