Hello,

I am updating some of our documentation on our best practices to securely delete files from file server's backups.

The file server backups in question are only stored on a primary copy residing on tape, encrypted via AES 256 per the storage policy, and using the built-in key management server. Normally if we need to delete a file, we follow the documentation and use the delete data by browsing option.

For clarification, if I use the "delete data by browsing option" and delete a file that resides offsite on tape, there is no way to recover that file, correct? There is no "Un-Age" or catalog operation on the tape I could perform if I were to insert it back into my tape library? I assume that the CommCell destroys the indexed data/encryption keys associated with that file and cannot read that block of data on the tape?

Recently I noticed an option in the CommCell browser where I can delete content of an entire tape. Storage Resources > Libraries > Tape Library > Media By Location > Media In Library > Right Click on a Tape > All Tasks > delete Contents

If there is a way to "undelete from tape in the CommCell", would I also have to do that as well? I would prefer not as that would double our work and remove all of the other files stored on the tapes.

Is there any background info or whitepapers on how the "delete data by browsing" option works in the backend of the CommServe?

Hi @Kyle32043 

Looking at tapes in general, when backups are removed the index is removed from the database and data remains directly available on the tape until either:

  • The data block is overwritten, or
  • The tape header is overwritten

This does not mean that data might be recovered with certain Data Recovery services/methods. In this scenario the data will still be recovered in an encrypted state and thus not directly readable.

Looking at the Commvault-specific side.
As per my understanding of the Commvault encryption process there are several keys in place:

  • The master key
  • The KEK for the Storage Pool
  • The DEK for the Client

So as far as I can interpret, assuming we leave hardware-based tape encryption out of the equation and the tape is not overwritten, there is no file-specific key and thus with the help of support the data might be able to be retrieved as long as the storage pool and client configuration are not deleted.

This could be done by staging a CommServe DR SET which was made at a point in time where the backup was not deleted yet and accessing the library + tape from that setup OR support can extract and import data from an older DR SET into the current CommServe and you can restore using your default methods.
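
A simplified model of the reasoning in the reply above, added here as an example; it is not Commvault code and not part of either post. It shows that removing an index entry leaves the encrypted block on tape, so an older copy of the catalog that still holds the wrapped KEK/DEK can read it. All function and variable names are hypothetical, the file contents are constructed, and the SHA-256 keystream is a stand-in for AES-256 so the block runs with the standard library only.

```python
import copy
import hashlib

def xor_stream(key: bytes, nonce: int, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream), for illustration only; not AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce.to_bytes(8, "big") + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def unwrap_dek(master: bytes, cat: dict) -> bytes:
    # master key unwraps the storage pool KEK, which unwraps the client DEK
    kek = xor_stream(master, 0, cat["wrapped_kek"])
    return xor_stream(kek, 0, cat["wrapped_dek"])

def backup(master, cat, tape, name, data):
    offset = len(tape)  # tape is append-only; the offset doubles as the nonce
    tape.extend(xor_stream(unwrap_dek(master, cat), offset, data))
    cat["index"][name] = (offset, len(data))

def delete_by_browsing(cat, name):
    # Model assumption: only the index entry goes; tape block and keys stay.
    del cat["index"][name]

def restore(master, cat, tape, name):
    offset, length = cat["index"][name]  # KeyError once the index entry is gone
    block = bytes(tape[offset:offset + length])
    return xor_stream(unwrap_dek(master, cat), offset, block)

def demo():
    master, kek, dek = (hashlib.sha256(s).digest()
                        for s in (b"master", b"pool-kek", b"client-dek"))
    cat = {"index": {},
           "wrapped_kek": xor_stream(master, 0, kek),
           "wrapped_dek": xor_stream(kek, 0, dek)}
    tape = bytearray()
    backup(master, cat, tape, "payroll.xlsx", b"constructed sample contents")
    backup(master, cat, tape, "notes.txt", b"another constructed file")
    dr_set = copy.deepcopy(cat)  # catalog copy taken before the delete
    delete_by_browsing(cat, "payroll.xlsx")
    try:
        restore(master, cat, tape, "payroll.xlsx")
        live_ok = True
    except KeyError:
        live_ok = False
    return live_ok, restore(master, dr_set, tape, "payroll.xlsx")

if __name__ == "__main__":
    print(demo())
```

In this model the file only becomes unreadable when the tape block is overwritten or every copy of the wrapped client key is gone.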

