Standalone stolen Tape readable ?

Last post 12-05-2013, 2:17 PM by Ali. 9 replies.
Sort Posts: Previous Next
  • Standalone stolen Tape readable ?
    Posted: 12-04-2013, 1:09 PM

    Hi,

     

    I have an urgent question from audit team concerning backup clone on tape.

    If a tape is stolen, will the thief will be able to read some data on it ?

     

    I don't think I have any encryption activated on Simpana but with multiplexing which is fragmenting data and without index restore, it will be quite difficult but not impossible.

     

    Am I right ?

     

    regards

  • Re: Standalone stolen Tape readable ?
    Posted: 12-04-2013, 2:33 PM
    • Ali is not online. Last active: 02-22-2019, 10:44 AM Ali
    • Top 10 Contributor
    • Joined on 08-05-2010

    Hi Wad, hope you're well.

    Yes, enabling encryption is the way to go to secure the data from risk.

  • Re: Standalone stolen Tape readable ?
    Posted: 12-04-2013, 2:39 PM
    • efg is not online. Last active: 05-22-2019, 10:21 AM efg
    • Top 10 Contributor
    • Joined on 02-02-2010
    • CommVault Tinton Falls NJ
    • Expert
    • Points 1,656

    You are correct.  Also keep in mind that CommVault writes to the tape media using a proprietary format, so unless the "thief" has CommVault installed it would not be very easy extracting any data from the media (Unless they are very good with unix utilities like "dd" and various "hex" editors...)  :) 


    Ernst F. Graeler
    Senior Engineer III
    Development
  • Re: Standalone stolen Tape readable ?
    Posted: 12-05-2013, 9:09 AM

    (normal backup job - without encryption)



    i think using the "media explorer" from the wintools dvd should work to restore your jobs located on the stolen media easily.

    with this you can read the catalog and restore the whole job.
    except you have created a media password, which isnt default from V10 on.

    you have to set it manually (control panel - system icon). in older versions the media password was set during installation.

    kind regards,
    Sebastian

  • Re: Standalone stolen Tape readable ?
    Posted: 12-05-2013, 9:30 AM

    Hi all,

     

    Thank you all for your feedback. 

    In main lines, I was quite close to the truth.

     

    I am a bit surprise on Sebastiank's comments about Wintools dvd. It's a bit strange is data on the tape are in Commvault specific file format.

  • Re: Standalone stolen Tape readable ?
    Posted: 12-05-2013, 9:46 AM

    you are right.
    simpana is writing the data in its own fileformat...using the chunks.

    maybe its a little bit misleading with my expression "wintools". this is not a microsoft dvd, this stuff is provided by commvault.

    you have a set of DVDs for simpana ...
    and i meant DVD 5...the media explorer is actually being used, when you lose your commserve and you have to do an urgent restore, while your commserve is down.

    so you can read the catalog in, and restore the job without having access to cs.

    kind regards,
    Sebastian


    Disc 1
    All Windows x32 and x64 components,

    Disc 2
    Simpana® 1-Touch components

    Disc 3
    All Unix, Linux and Macintosh components, (both clustered and non-clustered environments)

    Disc 4
    Simpana® 1-Touch Linux components

    Disc 5
    Simpana® Advanced Tools (Windows)

    Disc 6
    Simpana® Advanced Tools (Unix, Linux)

     

  • Re: Standalone stolen Tape readable ?
    Posted: 12-05-2013, 9:51 AM

    Oh, yes,...

    little misunderstanding, I was thinking you're talking about external tool not a commvault tool.

    But that's right, Simpana should have some kinds of restore tool in case of crash... but that implie to have them and to know that is a Simapa tape...

     

    Thanks all

  • Re: Standalone stolen Tape readable ?
    Posted: 12-05-2013, 9:59 AM

    correct...you have to know its being written with simpana...

    still having knowledge at least about some simpana tools....you can use the "tapetoolgui.exe" software from your base location, where your simpana binaries are installed and start reading the label...then....Laughing

     

     

    Reading from the tape. Please wait...
    GALAXY Media Label on the current media
    MagicNumber        = CVMEDIALABEL
    LabelVersion       = 10(BUILD116)
    MMSCommCellId      = 12112
    Vendor             = CommVault Systems
    MediaCreationTime  = 1381323144
    Application        = Galaxy
    MediaName          =
    MediaID            = 2_BC_000219_10
    LabelGUID          = 0
    BarCode            = 000219

     

     

     

     

  • Re: Standalone stolen Tape readable ?
    Posted: 12-05-2013, 1:32 PM

    Unless someone can correct me, there are two ways of doing encryption on tape. First, encrypt the jobs within CV. This requires a license (can someone confirm? I don't use this) for encryption. Second, you can configure your tape library data path to use hardware encryption. This does not require a separate license, and it leverages the HW encryption capabilities of your tape drives if they are capable of it.

    http://documentation.commvault.com/commvault/release_10_0_0/books_online_1/english_us/prod_info/cs.htm?var1=http://documentation.commvault.com/commvault/release_10_0_0/books_online_1/english_us/features/data_encryption/hardware_encryption.htm

    I've been using the HW tape encryption for some time because of the scenario the OP outlined. The tape drive doesn't care about what CV is throwing at it- it all gets encrypted at write time.

  • Re: Standalone stolen Tape readable ?
    Posted: 12-05-2013, 2:17 PM
    • Ali is not online. Last active: 02-22-2019, 10:44 AM Ali
    • Top 10 Contributor
    • Joined on 08-05-2010

    Hi nebben,

    Yes 2 types, either manage the encryption through Simpana, or via the HW.  If  you are using HW, you should not need a license.

    The advantage with using the Simpana encryption is every chunk has its own key making this highly secure, as opposed to using HW encryption, where an entire tape could/can have its own key making it less secure (correct if i'm wrong about how your HW vendor does it).

The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2019 Commvault | All Rights Reserved. | Legal | Privacy Policy