To Add Data In Flight Encryption - HP StoreOnce 2700 Installation And Configuration Manual
Backup
Hide thumbs
Also See for StoreOnce 2700:
- Installation and configuration manual (130 pages) ,
- Service and maintenance manual (60 pages) ,
- Service and maintenance manual (81 pages)
Table of Contents
Advertisement
1.
Create a backup copy of the StoreOnce configuration using the StoreOnce CLI command
(config save devices. If you have the Security Pack license installed, also create a
keystore backup using the StoreOnce CLI command (config save keystore.
2.
You are not allowed to modify the current configuration directly. Create a copy of the current
configuration using the following StoreOnce CLI command (<newconfig> is the name
assigned to the copied file and can be any name you choose):
net copy config from current to <newconfig>
3.
Make the required modification, using the relevant parameters as described in the separate
sections below. The StoreOnce CLI commands that you use will depend upon the type of
modification that you are making, whether you are adding to or modifying a configuration.
See examples below for syntax. For more details of individual commands refer to the HP
StoreOnce Backup system CLI Reference guide.
4.
Validate the modified configuration using the StoreOnce CLI command:
net validate config <newconfig>
5.
Activate the modified configuration using the StoreOnce CLI command:
net activate config <newconfig>
6.
Once successfully validated and activated, the modified configuration becomes the current
configuration and overwrites the contents of the current configuration.
TIP:
If configuring multiple VLANs, or reconfiguring a network, it may take some time for
the configuration to complete. Use the StoreOnce CLI command, net activate status,
to view status.
TIP:
The writeprotect parameter is set to no by default. Once the configuration is correct
and activated, you may change the parameter to yes to prevent accidentally overwriting
configuration parameters.
To add Data in Flight Encryption
NOTE:
Data in flight encryption is supported for backup to StoreOnce Catalyst target devices
and for Catalyst copy between StoreOnce Backup systems. It is not supported for backup to NAS
or VTL target devices, but is supported for replication between StoreOnce Backup systems.
IP packets have no in-built security measures, which means that access to the network enables
packet content to be viewed and, because there is no verification, there is no indication whether
a packet has been viewed or the content modified. IPsec is an OSI layer 3 protocol that provides
encryption and mutual verification at the IP address level. The IPsec protocol is supported for data
subnet encryption on all StoreOnce models running StoreOnce software version 3.1 1.0 or later.
Data in Flight Encryption uses the IPsec protocol to support data encryption at subnet level. It
requires the user to pair the IP addresses of the backup media server to the subnet that has been
configured on the StoreOnce Backup system and to create a rule that ensures the pair communicate
uniquely with each other based on a password configured within the rule. Configuration on the
StoreOnce Backup system is via a single StoreOnce CLI command, net add encryption. It
cannot be configured as part of the wizard. But this is only one half of the configuration. The user
must also configure IPsec on the media server that forms the other half of the pair.
Modifying the current network configuration
49
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
