Home » Dell Manuals » Storage Devices » Dell DR2000v » Manual Viewer

Dell DR2000v DR Series System Administrator Guide - Page 146

Configuring and Using Encryption at Rest, Understanding Encryption at Rest

View all Dell DR2000v manuals

Add to My Manuals
Save this manual to your list of manuals

Page 146 highlights

13 Configuring and Using Encryption at Rest This chapter introduces the concept of Encryption at Rest as used by the DR Series system as well as related concepts and tasks. NOTE: Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore, may not be available in your locale. Refer to the subsequent topics for more information. Understanding Encryption at Rest Data that resides in the DR Series system can be encrypted. When encryption is enabled, the DR Series system uses the Industry standard FIPS 140-2 compliant 256-bit Advanced Encryption Standard (AES) encryption algorithm for encrypting and decrypting user data. The content encryption key is managed by the key manager, which operates in either a Static mode or an Internal mode. In Static mode, a global, fixed key is used to encrypt all data. In internal mode, key lifecycle management is performed in which the keys are periodically rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days. A user-defined passphrase is used to generate a pass phrase key, which is used to encrypt the content encryption keys. It is mandatory to define a passphrase to enable encryption. The system supports up to a limit of 1023 different content encryption keys. All streams of a data-store are encrypted or re-encrypted with the same content encryption key. DR Series system statistics report the amount of data encrypted and decrypted bytes consistently. Encryption at Rest Terminology This topic introduces and briefly defines some basic encryption at rest terminology used in the DR Series system documentation. Term Passphrase Content encryption key Key management mode Description A passphrase is a sequence of words or other text used to control access to data, similar to a password in usage, but is generally longer for added security. In the DR Series system, the passphrase is userdefined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 256 bytes in length. It is mandatory to define a passphrase to enable encryption. The key used to encrypt the data. The content encryption key is managed by the key manager, which operates in either a static mode or an internal mode. The system supports up to a limit of 1023 different content encryption keys. The mode of key lifecycle management as either static or internal. Static mode A global mode of key management in which a fixed key is used to encrypt all data. 146

Section	Page
Dell DR Series System Administrator Guide	3
Introduction to the DR Series System Documentation	10
About the DR Series System GUI Documentation	10
What's New In This Release	10
Other Information You May Need	10
Source Code Availability	11
Understanding the DR Series System	12
About the DR Series System	13
DR Series Data Storage Concepts	14
Data Deduplication and Compression	14
Encryption at Rest	15
Streams vs. Connections	15
Replication	16
Replication Seeding	17
Reverse Replication	17
Reverse Replication: Alternate Method	18
Supported File System and Tape Access Protocols	18
NFS	18
CIFS	19
CIFS ACL Support	19
Access Control List Support in Containers	19
Unix Permissions Guidelines	20
Windows Permissions Guidelines	21
Rapid NFS and Rapid CIFS	21
DR Rapid for the DR Series System	22
RDA with OST for the DR Series System	22
Software Components and Operational Guidelines	23
Supported Virtual Tape Library Access Protocols	24
NDMP	24
iSCSI	24
DR Series System Hardware and Data Operations	24
DR Series Expansion Shelf	25
Understanding the Process for Adding a DR Series Expansion Shelf	26
Supported Software and Hardware	26
Terminal Emulation Applications	27
DR Series Hardware System — Expansion Shelf Cabling	27
Adding a DR Series Hardware System Expansion Shelf	29
Setting Up the DR Series System Hardware	31
Interacting with the DR Series System	31
Networking Preparations for the DR Series System	31
Connections for Initializing a DR Series System	32
Initializing the DR Series System	33
Default IP Address and Subnet Mask Address	33
Local Console Connection	34
iDRAC Connection	36
Logging in and Initializing the DR Series System	36
Accessing iDRAC6/iDRAC7 Using RACADM	37
Logging in Using a Web Interface for the First Time	38
Registering a DR Series System	40
Enabling Active Scripting in Windows IE Browsers	41
Disabling the Compatibility View Settings	41
Configuring the DR Series System Settings	42
Configuring Networking Settings	42
Networking Page and Ethernet Port Values	45
Managing the DR Series System Password	46
Modifying the System Password	46
Resetting the Default System Password	46
Shutting Down the DR Series System	47
Rebooting the DR Series System	47
Configuring Active Directory Settings	48
Configuring Local Workgroup Users Settings	49
Configuring Email Alert Settings	49
Adding a Recipient Email Address	49
Editing or Deleting a Recipient Email Address	50
Sending a Test Message	50
Configuring Administrator Contact Information	51
Adding Administrator Contact Information	51
Editing Administrator Contact Information	52
Managing Passwords	52
Modifying the System Password	52
Modifying Password Reset Options	52
Configuring an Email Relay Host	53
Adding an Email Relay Host	53
Editing an Email Relay Host	53
Configuring System Date and Time Settings	54
Editing System Date and Time Settings	54
Understanding Containers	55
Configuring Share-Level Security	55
Managing DR Series Storage Operations	57
Understanding the Storage Page and Options	57
Understanding the Storage Options	58
Containers	58
Replication Page	59
Encryption	59
Clients	59
Managing Container Operations	62
Creating Storage Containers	62
Editing Container Settings	66
Deleting Containers	67
Moving Data Into a Container	67
Displaying Container Statistics	68
Managing Replication Operations	70
TCP Port Configuration	70
Before you Begin	70
Creating Replication Relationships	71
Modifying Replication Relationships	71
Deleting Replication Relationships	72
Starting and Stopping Replication	72
Adding a Cascaded Replica	73
Displaying Replication Statistics	73
Creating a Replication Schedule	74
Managing Encryption Operations	75
Setting or Changing the Passphrase	75
Enabling Encryption	76
Changing Encryption Settings	76
Disabling Encryption	77
Monitoring the DR Series System	78
Monitoring Operations Using the Dashboard Page	78
System Status Bar	78
DR Series System and the Capacity-Storage Savings-Throughput Panes	79
System Information Pane	79
Monitoring System Alerts	80
Using the Dashboard Alerts Page	80
Viewing the System Alerts	80
Monitoring System Events	81
Using the Dashboard to Display System Events	81
Using the Dashboard Events Option	82
Using the Event Filter	82
Monitoring System Health	83
Using the Dashboard Page to Monitor System Health	83
Using the Dashboard Health Options	84
Monitoring System Usage	85
Displaying Current System Usage	85
Setting a Latest Range Value	86
Setting a Time Range Value	86
Monitoring Container Statistics	86
Displaying the Container Statistics Page	87
Monitoring Replication Statistics	88
Displaying the Replication Statistics Page	88
Displaying Replication Statistics Using the CLI	89
Using Global View	91
About Global Views	91
Prerequisites	91
Configuring Active Directory Settings	92
Adding a Login Group in an ADS Domain	93
About the Global View Page	93
Global View Summary	94
Appliance List	95
Navigating in Global View	96
Adding a DR Series System to Global View	97
Removing a DR Series System from Global View	97
Reconnecting DR Series Systems	97
Using the Reconnect Report	98
Using the DR Series System Support Options	99
Support Information Pane	99
Diagnostics Page and Options	99
Generating a Diagnostics Log File	100
Downloading Diagnostics Log Files	101
Deleting a Diagnostics Log File	102
DR Series System Software Upgrade	102
Software Upgrade Page and Options	102
Verifying the Current Software Version	103
Upgrading the DR Series System Software	103
SSL Page and Options	104
Installing an SSL Certificate	104
Resetting the SSL Certificate	104
Generating a CSR	105
Restore Manager (RM)	105
Downloading the Restore Manager	106
Creating the Restore Manager USB Key	106
Running the Restore Manager (RM)	107
Resetting the Boot LUN Setting in PERC H700 BIOS After Running RM	107
Hardware Removal or Replacement	108
DR Series System: Proper Shut Down and Start Up	108
DR Series System NVRAM	108
Configuring and Using Rapid NFS and Rapid CIFS	110
Rapid NFS and Rapid CIFS Benefits	110
Best Practices: Rapid NFS	110
Best Practices: Rapid CIFS	112
Setting Client-Side Optimization	112
Installing the Rapid NFS Plug-In	113
Installing the Rapid CIFS Plug-In	114
Determining If Your System Is Using Rapid NFS or Rapid CIFS	114
Viewing the Rapid NFS and Rapid CIFS Logs	115
Viewing Rapid NFS Logs	115
Viewing Rapid CIFS Logs	115
Monitoring Performance	115
Uninstalling the Rapid NFS Plug-In	116
Uninstalling the Rapid CIFS Plug-In	116
Configuring and Using Rapid Data Access with Dell NetVault Backup and with Dell vRanger	117
Overview	117
Guidelines for using RDA with NetVault Backup and with vRanger	118
Best Practices: RDA with NetVault Backup and vRanger and the DR Series System	118
Setting Client-Side Optimization	118
Adding RDS Devices in NetVault Backup	119
Removing RDS Devices From NetVault Backup	119
Backing Up Data on the RDS Container Using NetVault Backup	120
Replicating Data to a RDS Container using NetVault Backup	120
Restoring Data From a DR Series System using NetVault Backup	121
Supported DR Series System CLI Commands for RDS	122
Configuring and Using RDA with OST	123
Understanding RDA with OST	123
Guidelines	124
Terminology	124
Supported RDA with OST Software and Components	125
Best Practices: RDA with OST and the DR Series System	125
Setting Client-Side Optimization	125
Configuring an LSU	126
Installing the RDA with OST Plug-In	126
Understanding the RDA with OST Plug-In (Linux)	126
Understanding the RDA with OST Plug-In (Windows)	127
Installing the RDA with OST Plug-In for Backup Exec on Windows	127
Installing the RDA with OST Plug-In for NetBackup on Windows	128
Uninstalling the RDA with OST Plug-In for Windows	128
Installing the RDA with OST Plug-In for NetBackup on Linux	129
Uninstalling the RDA with OST Plug-In for Linux	129
Configuring DR Series System Information Using NetBackup	130
Using NetBackup CLI to Add DR Series System Name (Linux)	130
Using NetBackup CLI to Add DR Series System Name (Windows)	130
Configuring NetBackup for the DR Series System	131
Configuring NetBackup for Optimized Synthetic Backups	131
Creating Disk Pools From LSUs	132
Creating Storage Units Using the Disk Pool	133
Backing Up Data From a DR Series System (NetBackup)	133
Restoring Data From a DR Series System Using NetBackup	133
Duplicating Backup Images Between DR Series Systems Using NetBackup	134
Using Backup Exec With a DR Series System (Windows)	134
RDA with OST Plug-In and Supported Versions	134
Installation Prerequisites for the RDA with OST Plug-In for Backup Exec	134
Configuring the DR Series System Using the Backup Exec GUI	135
Creating Backups on the DR Series System Using Backup Exec	135
Optimizing Duplication Between DR Series Systems Using Backup Exec	136
Restoring Data from a DR Series System Using Backup Exec	137
Understanding the OST CLI Commands	137
Supported DR Series System CLI Commands for RDA with OST	137
Understanding RDA with OST Plug-In Diagnostic Logs	138
Rotating RDA with OST Plug-In Logs for Windows	138
Collecting Diagnostics Using a Linux Utility	139
Rotating RDA with OST Plug-In Logs for Linux	139
Guidelines for Gathering Media Server Information	139
NetBackup on Linux Media Servers	139
NetBackup on Windows Media Servers	140
Backup Exec on Windows Media Servers	141
Configuring and Using VTL	142
Understanding VTL	142
Terminology	142
Supported Virtual Tape Library Access Protocols	142
NDMP	143
iSCSI	143
VTL and DR Series Specifications	143
Guidelines for Configuring VTL	144
Configuring and Using Encryption at Rest	146
Understanding Encryption at Rest	146
Encryption at Rest Terminology	146
Encryption at Rest and DR Series Considerations	147
Understanding the Encryption Process	147
Troubleshooting and Maintenance	149
Troubleshooting Error Conditions	149
DR Series System Alert and Event Messages	149
About the Diagnostics Service	178
Understanding Diagnostics Collection	179
About the DR Series System Maintenance Mode	179
Scheduling DR Series System Operations	181
Creating a Cleaner Schedule	181
Displaying Cleaner Statistics	182
Supported Ports in a DR Series System	184
Getting Help	186
Before Contacting Dell Support	186

Match case Limit results 1 per page

Configuring and Using Encryption at Rest

This chapter introduces the concept of Encryption at Rest as used by the DR Series system as well as related concepts

and tasks.

NOTE:

Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore,

may not be available in your locale.

Refer to the subsequent topics for more information.

Understanding Encryption at Rest

Data that resides in the DR Series system can be encrypted. When encryption is enabled, the DR Series system uses the

Industry standard FIPS 140-2 compliant 256-bit Advanced Encryption Standard (AES) encryption algorithm for encrypting

and decrypting user data. The content encryption key is managed by the key manager, which operates in either a Static

mode or an Internal mode. In Static mode, a global, fixed key is used to encrypt all data. In internal mode, key lifecycle

management is performed in which the keys are periodically rotated. The minimum key rotation period before the

content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable

and can be specified in days. A user-defined passphrase is used to generate a pass phrase key, which is used to

encrypt the content encryption keys. It is mandatory to define a passphrase to enable encryption. The system supports

up to a limit of 1023 different content encryption keys. All streams of a data-store are encrypted or re-encrypted with the

same content encryption key. DR Series system statistics report the amount of data encrypted and decrypted bytes

consistently.

Encryption at Rest Terminology

This topic introduces and briefly defines some basic encryption at rest terminology used in the DR Series system

documentation.

Term

Description

Passphrase

A passphrase is a sequence of words or other text used to control

access to data, similar to a password in usage, but is generally longer

for added security. In the DR Series system, the passphrase is user-

defined and is used to generate a passphrase key that encrypts the file

in which the content encryption keys are kept. The passphrase is a

human readable key, which can be up to 256 bytes in length. It is

mandatory to define a passphrase to enable encryption.

Content encryption key

The key used to encrypt the data. The content encryption key is

managed by the key manager, which operates in either a static mode or

an internal mode. The system supports up to a limit of 1023 different

content encryption keys.

Key management mode

The mode of key lifecycle management as either static or internal.

Static mode

A global mode of key management in which a fixed key is used to

encrypt all data.

146