Encryption - Dell PowerVault DL4000 User Manual

Backup to disk appliance - poweredby appassure

Hide thumbs Also See for PowerVault DL4000:

User manual (175 pages)

Owner's manual (101 pages)

Deployment manual (22 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

page of 163

/ 163
Contents
Table of Contents
Bookmarks

Table of Contents

Figure 3. True Global Deduplication

AppAssure 5 performs target-based inline data deduplication. This means that the snapshot data is transmitted over to

the Core before it is deduplicated. Inline data deduplication simply means the data is deduplicated before it is committed

to disk. This is very different from at-source or post-process deduplication, where the data is deduplicated at the source

before it is transmitted to the target for storage, and in post-process the data is sent raw to the target where it is

analyzed and deduplicated after the data has been committed to disk. At-source deduplication consumes precious

system resources on the machine whereas the post-process data deduplication approach needs all the requisite data

on disk (a greater initial capacity overhead) before commencing the deduplication process. On the other hand, inline

data deduplication does not require additional disk capacity and CPU cycles on the source or on the Core for the

deduplication process. Conventional backup applications perform repetitive full backups every week, while AppAssure

performs incremental block level backups of the machines forever. This incremental forever approach in tandem with

data deduplication helps to drastically reduce the total quantity of data committed to the disk with a reduction ratio of as

much as 80:1.

Encryption

AppAssure 5 provides integrated encryption to protect backups and data-at-rest from unauthorized access and use,

ensuring data privacy. AppAssure 5 provides strong encryption. By doing so, backups of protected computers are

inaccessible. Only the user with the encryption key can access and decrypt the data. There is no limit to the number of

encryption keys that can be created and stored on a system. DVM uses AES 256-bit encryption in the Cipher Block

Chaining (CBC) mode with 256-bit keys.

Encryption is performed inline on snapshot data, at line speeds without impacting performance. This is because DVM

implementation is multi-threaded and uses hardware acceleration specific to the processor on which it is deployed.

Encryption is multi-tenant ready. The deduplication has been specifically limited to records that have been encrypted

with the same key; two identical records that have been encrypted with different keys is not be deduplicated against

each other. This design decision ensures that deduplication cannot be used to leak data between different encryption

domains. This is a benefit for managed service providers, as replicated backups for multiple tenants (customers) can be

stored on a single core without any tenant being able to see or access other tenant data. Each active tenant encryption

key creates an encryption domain within the repository where only the owner of the keys can see, access, or use the

data. In a multi-tenant scenario, data is partitioned and deduplicated within the encryption domains.

Table of Contents

Encryption - Dell PowerVault DL4000 User Manual

Encryption

Related Manuals for Dell PowerVault DL4000

Related Content for Dell PowerVault DL4000

Table of Contents