Encryption - Dell DL4000 User Manual


Figure 4. Diagram of deduplication
Your appliance performs target-based inline data deduplication, where the snapshot data is transmitted
to the Core before it is deduplicated. Inline data deduplication simply means the data is deduplicated
before it is committed to disk. This differs from at-source deduplication, where the data is
deduplicated at the source before it is transmitted to the target for storage, and from post-process
deduplication, where the data is sent raw to the target and is analyzed and deduplicated after it has
been committed to disk. At-source deduplication consumes precious system resources on the machine,
whereas the post-process approach needs all the requisite data on disk (a greater initial capacity
overhead) before commencing the deduplication process. On the other hand, inline data deduplication
does not require additional disk capacity and CPU cycles on the source or on the Core for the
deduplication process. Lastly, conventional backup applications perform repetitive full backups every
week, while your appliance performs incremental block-level backups of the machines forever. This
incremental-forever approach, in tandem with data deduplication, helps to drastically reduce the total
quantity of data committed to the disk, with a reduction ratio of as much as 50:1.

Encryption

Your appliance provides integrated encryption to protect backups and data-at-rest from unauthorized
access and use, ensuring data privacy. Only a user with the encryption key can access and decrypt the
data. There is no limit to the number of encryption keys that can be created and stored on a system. DVM
uses AES 256-bit encryption in the Cipher Block Chaining (CBC) mode with 256-bit keys. Encryption is
performed inline on snapshot data, at line speeds without impacting performance. This is because the DVM
implementation is multi-threaded and uses hardware acceleration specific to the processor on which it is
deployed.
Encryption is multi-tenant ready. Deduplication has been specifically limited to records that have been
encrypted with the same key; two identical records that have been encrypted with different keys will not
be deduplicated against each other. This design ensures that deduplication cannot be used to leak data
between different encryption domains. This is a benefit for managed service providers, as replicated
backups for multiple tenants (customers) can be stored on a single core without any tenant being able to
see or access another tenant's data. Each active tenant encryption key creates an encryption domain within
the repository where only the owner of the keys can see, access, or use the data. In a multi-tenant
scenario, data is partitioned and deduplicated within the encryption domains.
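
The partitioning described above, modelled as an added example (not Dell's or the DVM's code): a deduplication index scoped per encryption domain, next to a single global index for comparison. The class and function names, the HMAC-SHA256 fingerprint and the domain label are assumptions made for illustration, and the AES encryption step itself is left out so that only the index scoping is shown.

```python
import hashlib
import hmac


class DedupRepository:
    """Toy block store whose dedup index is global or per encryption domain."""

    def __init__(self, scoped: bool):
        self.scoped = scoped
        self.index = {}          # dedup fingerprint -> stored block id
        self.blocks_written = 0  # physical blocks committed to "disk"

    @staticmethod
    def domain_id(key: bytes) -> str:
        # Hypothetical domain label: a hash of the key, never the key itself.
        return hashlib.sha256(b"domain:" + key).hexdigest()[:16]

    def _fingerprint(self, key: bytes, block: bytes) -> tuple:
        if self.scoped:
            # Keyed fingerprint inside the key's own domain: the same plaintext
            # under two different keys yields unrelated index entries.
            mac = hmac.new(key, block, hashlib.sha256).hexdigest()
            return (self.domain_id(key), mac)
        # Weak variant for comparison: one global index over plaintext hashes.
        return ("global", hashlib.sha256(block).hexdigest())

    def store(self, key: bytes, block: bytes) -> bool:
        """Store a block; return True if it matched an existing index entry."""
        fp = self._fingerprint(key, block)
        if fp in self.index:
            return True
        self.index[fp] = self.blocks_written
        self.blocks_written += 1
        return False


def cross_tenant_dedup(scoped: bool) -> dict:
    # Constructed sample data: two tenants, each with its own 256-bit key.
    key_a, key_b = b"A" * 32, b"B" * 32
    shared = b"identical record".ljust(4096, b"\0")
    repo = DedupRepository(scoped)
    return {
        "a_first": repo.store(key_a, shared),      # first copy is written
        "a_repeat": repo.store(key_a, shared),     # same key: deduplicated
        "b_same_data": repo.store(key_b, shared),  # other tenant, same data
        "blocks_written": repo.blocks_written,
    }
```

With the scoped index, the second tenant's identical record is written as a new block, so the deduplication outcome tells one tenant nothing about what another tenant has stored; the global index deduplicates it and exposes that fact.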