Ramon88 Posted September 8, 2009 Report Share Posted September 8, 2009 Okay, so now I've been reconverted to tape (long story). We have the new system running and as I was before warned by Lennart, the performance is nowhere near the theoretical figures. So far uncompressed it performs with 1000-1200 MB/min. With hardware compression it gets to 1650-1750 MB/min. Okay, I expected a bit more, especially because of the blistering fast SAS connection, iSCSI source, super-duper 8/16 HT cores with 24MB RAM* and the 80 MegaBYTES per second advertised LTO-4 speeds. I didn't do read/verify yet, so maybe that will be faster, I'll find out soon enough. I can live with the performance, don't get me wrong. But you get the feeling these figures do not represent real life, nor did I actually expect it. I'm not sure if Retrospect itself can be optimised, probably it's really up to the data itself, and if it compresses well enough to get to that magic 80 MB/sec. That would be 4:1 compression I guess. It could probably do that, but I guess my data isn't up to -that- spec. So okay, I think I'm still fond of this drive. Enough so to keep it. However, I also need to make sure the data on the tape can't easily be read back in case it gets stolen. And now I've hit a snag... Retrospect says it can't do (software) encryption and hardware data compression at the same time. That's all understandable, because encrypted data isn't easily compressed due to its structure. What I don't get is why Retrospect can't use the LTO-4 spec AES-256 -hardware- encryption. I suppose this is on the wish list already, but it's also a bit disappointing it doesn't feature it at the moment... Now back to the problem mentioned. How easily could one read a password protected Retrospect written LTO-4 tape (hardware data compression)? How secure would that be (using a really long an difficult password of course)? *) I'm not so crazy to believe Retrospect will actually use these features, it now 'stresses' the system (2008 Server R2) to like 6% maximum. The rest can be used by VM's in case we need extra emergency VM-space. Quote Link to comment Share on other sites More sharing options...
Mayoff Posted September 8, 2009 Report Share Posted September 8, 2009 I don't know if this works for SAS: Also, here's the registry key again that users can try to adjust to make their SCSI or FC cards go faster: ----------------------------------------------------------------- HKEY_LOCAL_MACHINE HARDWARE DEVICEMAP SCSI SCSIPORT (Driver --> i.e. Symmpi) SYSTEM CURRENTCONTROLSET SERVICES (Driver) PARAMETERS DEVICE -> MaximumSGList The MaximumSGList value is the one you want to set: (formula: if value 65, 65 - 1 = 64 x 4K = 256K Transfers) 65 = 256K transfers 33 = 128K transfers 17 = 64k transfers ----------------------------------------------------------------- Where it says "driver", that will be different depending on what kind of HBA it is and often has the brand name somewhat incorporated. Sometimes the MaximumSGList key doesn't exist, the user can add it. Changing this value can have a very tangible affect on performance, I would suggest users who don't like their performance try 256k, and if that doesn't work, 128k (not all cards work with all values). Quote Link to comment Share on other sites More sharing options...
Ramon88 Posted September 8, 2009 Author Report Share Posted September 8, 2009 Thanks Robin, We'll give that one a shot. B.t.w. I just got the media verification speed: - 8-9-2009 13:59:46: Verifying LTO Test 8-9-2009 16:12:33: Execution completed successfully Completed: 4271 files, 919,3 GB Performance: 7159,3 MB/minute Duration: 02:12:46 (00:01:16 idle/loading/preparing) This method of verification is surprisingly fast at about 120 MB/sec! Anybody got some insight about my password question? Quote Link to comment Share on other sites More sharing options...
Mayoff Posted September 8, 2009 Report Share Posted September 8, 2009 One day hardware encryption will be supported, just not right now. Quote Link to comment Share on other sites More sharing options...
emulator Posted September 8, 2009 Report Share Posted September 8, 2009 If you need hardware based encryption/compression, check out this thread: http://forums.dantz.com/showtopic.php?tid/27848/post/110081/hl//fromsearch/1/ Quote Link to comment Share on other sites More sharing options...
Ramon88 Posted September 9, 2009 Author Report Share Posted September 9, 2009 Hi emulator, I read that some time ago, and it is very interesting indeed. However for this particular client I don't think they want to invest too much into such a card and I'm not going to do it for them. ;-) It's a particular setup for a client whose databases we 'handle'. We have all their data backed up at the data centre itself, twice actually and both on RAID protected storage. Plus we transfer that data daily to an offsite iSCSI (also RAID protected) appliance using a leased line (fiber). After that we need to do an offline transfer to LTO. Speed is important, as our backup window can not exceed ± 15 hours, with the sweet spot at 8 hours. Yesterday I had about 1TB of data to write to the LTO drive, so you can see why we need it as fast as possible. That's why I need to know how difficult it actually is to crack a Retrospect password protected LTO-tape. It has to do with the client's request of making this happen and the budget is limited (like it always is). So I really need to know how much effort is involved to access the unencrypted data on the LTO tape in case they got stolen, provided we would have used an intricate password? This is something that we are required to document due to legal obligations. It doesn't need to be exact, but we need to be able to ascertain to an extent how hard it actually is to access the data. Quote Link to comment Share on other sites More sharing options...
Mayoff Posted September 9, 2009 Report Share Posted September 9, 2009 If you use AES Encryption, no one is going to crack it. It is US government certified encryption. Quote Link to comment Share on other sites More sharing options...
Ramon88 Posted September 9, 2009 Author Report Share Posted September 9, 2009 Hi Robin, I know AES would be terrific. But it can't be used together with hardware compression. So the question is how safe is using only a password on the tape Backup Set Members. Somebody that steals a tape would need to know they are dealing with Retrospect, plus they would need an LTO-4 drive. After that they could try brute force password guessing, but that is difficult to do in real life, especially with a long complicated password. This would 'crack' AES-encrypted tapes just as easily btw. The weakest link is the password. But would it be easily possible to read and dump the tape's data if I didn't know the password? Would take take some effort? Quote Link to comment Share on other sites More sharing options...
Mayoff Posted September 9, 2009 Report Share Posted September 9, 2009 I do not believe you can do Password only and hardware compression. I didn't think Retrospect allowed that either. Password only prevents access to the media by a causal user. The data in NOT encrypted and could easily be accessed via a good linux tool or a data recovery service. Quote Link to comment Share on other sites More sharing options...
Ramon88 Posted September 9, 2009 Author Report Share Posted September 9, 2009 I do not believe you can do Password only and hardware compression. I didn't think Retrospect allowed that either. I yesterday did! Password only prevents access to the media by a causal user. The data in NOT encrypted and could easily be accessed via a good linux tool or a data recovery service. Okay, thanks. I didn't know it could be done that way, but if it can it needs to be taken into account. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.