Encrypting Si3 Deduplication Store
Si3 encryption for Si3 deduplication store is one of the SEP sesam encryption types (also available are software-based and LTO encryption), introduced in v. 4.4.3 Tigon. SEP sesam provides encryption for Si3 deduplication to help ensure compliance with data protection legislation.
The administrator must create the deduplication security encryption key, which should only be known to the SEP sesam Server. If the encryption key is not available, the Si3 encrypted data cannot be read.
Configuring Si3 encryption
Si3 data encryption is set by creating a deduplication security password file that contains only the password. This file must then be specified in the relevant drive properties. The operating systems's own file protection services (file system permissions, encrypted file system) must be used to ensure that only the administrator and SEP sesam software can access the password file. For this, a special user running the SEP sesam service must have access to the password file.
sm_dedup_interface -d <drive_number> gc recreate all
- Create a password file that contains only the password. For example: C:/ProgramData/SEPsesam/var/ini/stpd_conf/my_dedup_store.pass.
- From Main selection -> Components, click Data Stores to display the data store contents frame.
- Select the preconfigured Si3 deduplication store and double-click it to open the properties.
- Under the Data Store properties, double-click the first drive of the Si3 deduplication store. The Drive Properties window opens.
- Under Options, specify the deduplication security password file you created before. The path to the password file must be specified with slashes, backslashes must not be used. For example:
Click OK to configure Si3 encryption. After enabling encryption, only the newly added data is encrypted. Existing data remains unencrypted by default, but can be encrypted later with the gc recreate all.
Si3 is then restarted. You can use the sm_dedup_interface to check the encryption status.