Symantec's Veritas NetBackup Media Server Encryption Option works within existing NetBackup policies and backs-up all existing NetBackup clients, making it easier to use than an appliance or third-party software product, said Mike Adams, senior group manager for NetBackup product marketing.
Veritas Corp., now owned by Symantec, introduced encryption in 2004, but it ran at the application server level. In April, Symantec introduced encryption through its Veritas NetBackup 6.0 PureDisk Remote Office Edition, but the product was not intended for the enterprise data center, Adams said.
The new NetBackup Media Server Encryption Option is intended for the data center and can offer 128-bit or 256-bit AES encryption, allowing users to stage data to a secondary disk storage array, such as a virtual tape library, or transfer the encrypted data directly to magnetic tape.
Symantec is OEMing the new technology from Vormetric Inc., in Santa Clara, Calif., in order encrypt data on a file system at actual backup server, according to Jon Olstik, an analyst with the Enterprise Strategy Group, in Milford, Mass. "The client encryption was notoriously slow and put the encryption processing burden on the clients. In this new model, the client sends data to the server in cleartext and the server then encrypts everything."
Also different about Symantec's latest backup encryption option is that encryption keys can be managed through a central database.
Olstik said latency from the encryption process' usage of CPU cycles should be minimal since all encryption administration and overhead is performed at the backup server.
"There may be some latency, a 4% performance hit is not unusual," Olstik said.
With a number of encryption products on the market, both hardware and software based the right technology for any particular user will depend heavily on their legacy and heterogeneous systems, Olstik said. "You have to upgrade Symantec NetBackup to get the new encryption features and you may not want to do this," he said.
Users may also be sharing tape drives between a Symantec backup and EMC Legato backup environment. They can consolidate encryption functions by using an appliance from Network Appliance Inc.'s Decru subsidiary or NeoScale Systems Inc., rather than trying to use two native functions.
NetBackup Media Server Encryption Option will be available in January for NetBackup v.5.1 and v.6.0 and will compliment NetBackup's existing Client Encryption Option, which encrypts backup data at the client. Symantec is charging US$5,000 per server license for NetBackup Media Server Encryption Option and $10,000 for the key management media server license.