Data Protector Express User Guide (TC330-96005, September 2011)

7 Encryption and Compression
Encryption
Encryption is the process of changing data into a form that cannot be read until it is deciphered,
protecting the data from unauthorized access and use. Company policy normally determines when
encryption is required.
For example, your company may require encryption for company confidential and financial data,
but not for personal data. Company policy will also define how encryption keys should be generated
and managed.
Data Protector Express provides the ability to encrypt the data that is written to the media and fully
implements the Advanced Encryption Standard (AES) for both hardware and software encryption.
Hardware encryption is supported on some backup devices, such as HP LTO-4 tape drives.
Hardware encryption is faster than software encryption and requires no processing on the
backup server. The encryption strength is determined by the backup device. HP LTO-4 and
later generation tape drives always provide strong AES-256 encryption. This feature can be
managed by a backup application that supports hardware encryption, such as Data Protector
Express.
Software encryption uses the encryption algorithms available within Data Protector Express.
You can select an encryption strength: Low 56-bit, Medium 128-bit or High 256-bit. Each
encryption key size causes the algorithm to behave slightly differently. Increasing software
encryption strength makes the data more secure, but requires more processing power.
Cryptographic Algorithms
Cryptographic algorithms are the basic components of cryptographic applications. As the complexity
of the encryption algorithm increases, the information gets harder to read, and for software-based
encryption, the load on the machine increases.
Software
Three cryptographic algorithms are provided. These three settings provide three levels of resistance
which require progressively more CPU time to convert the same amount of data. The three options
are for the software encryption mode only.
Low – DES 56-bit
Medium – AES 128-bit
High – AES 256-bit
Hardware
The cryptographic algorithm used by devices that provide hardware encryption is
not under Data Protector Express control. The device provides access to configuration and operating
parameters via a device-specific encryption method. In Data Protector Express, you can enable or
disable hardware encryption, but you cannot adjust the encryption level or algorithm through the
Data Protector Express interface. If the device supports multiple encryption algorithms, Data Protector
Express will attempt to use the highest encryption algorithm supported on the device. If the device
does not support encryption, you will be prompted with an alert saying that the device cannot be
used because it does not support hardware encryption.