Encryption With Replication; Configuring The Backup Media Server; Troubleshooting; To Add Ip Addresses To A Subnet - HP StoreOnce 4900 Backup Installation And Configuration Manual
Hide thumbs
Also See for StoreOnce 4900 Backup:
- Service and maintenance manual (53 pages) ,
- Start here (2 pages)
Table of Contents
Advertisement
----------------------
Network: subnet_2
----------------------
IP Addresses: 10.1.1.21,10.1.1.22
Net Mask: 255.255.0.0
Domain Name: rnd.mycompany.net
Gateway: 10.1.1.1
Default Network:
Net Usage: data
VLAN tag: 22
Port Set: portset_2 with these interfaces: eth5 eth7
Encryption Links: 172.18.198.101
Bonding Mode: 4 (Link Aggregate Control Protocol (LACP) Bonding)
Encryption with replication
StoreOnce Backup systems are treated exactly like clients by IPsec. To set up an encrypted link
between two StoreOnce Backup systems, use the StoreOnce CLI command, net add encryption,
on each system, providing the other system's IP address but using the same passphrase.
Configuring the backup media server
The IPsec pair and rule must be configured on both the backup media server and the StoreOnce
Backup appliance. See the HP StoreOnce Backup system Linux and UNIX Configuration guide for
information about configuring Linux media servers. Configuration of Windows media servers is
via Windows local security policy, as described in
Windows media servers (page
to http://www.hp.com/ebs.
NOTE:
The settings for key lifetimes can have an impact on the performance of the data in flight
encryption links. If the lifetime values are set to low values, then there is a risk of low performances
or even failures of the backup jobs. It is recommended, that these values are set sufficiently high
to allow the backup jobs to run as well as maintain the security of the data being transferred
Troubleshooting
A performance drop may be seen when Data in Flight encryption is turned on. The amount of drop
in performance depends on the CPU and memory resources of the backup media servers as well
as the amount of unique data being transmitted. If a data in flight encryption link is to be setup
between a backup media server and a StoreOnce appliance, it is recommended that multiple
VLANs are configured between the backup media server and the StoreOnce appliance, and a
data in flight encryption link is configured within each VLAN to improve the aggregate performance
between the backup media server and the StoreOnce appliance.
To add IP addresses to a subnet
It is possible to add a subnet to a configuration without configuring an IP address, ipaddr is an
optional parameter in the StoreOnce CLI command, net add subnet.
The StoreOnce CLI command to add IP addresses separately is in the format:
# net add ipaddr <newconfig> <subnet_name> <IPlist>
If we had not provided an IP address for our new VLAN subnet, we could add it separately as
follows:
# net add ipaddr ACMECorpNetwork1 SalesSubnet 10.2.1.56
To add a new subnet that is not a VLAN
If you have not configured all ports on the StoreOnce Backup system, you may create another
portset for the configuration and then add a subnet to that portset. Since the portset is not VLAN
enabled, you may add only one subnet to the portset.
Configuring Data in Flight encryption on
83). For full details of which operating systems are supported go
Modifying the current network configuration
61
- Quick Links:
- Configure Network
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
