Companies maintaining personal or sensitive data on their network have a legal obligation to ensure its safety, but the number and variety of security holes that need plugging can create a big headache. The list of threats seems endless, but how many administrators think to include backup in their equations? Any decent backup strategy will include off-site storage, but if the media is lost or intercepted en route, the data on it can easily be restored by whoever holds it if it isn't protected.
Paranoia2 tackles this knotty problem by providing on-the-fly encryption for data being backed up to a tape drive. It's designed to sit in between the drive and host system and functions transparently so there's no requirement for any modifications to existing systems. As data passes through, the appliance buffers it internally, encrypts it and sends it on its way. The product provides high levels of security as, along with offering dual interlaced DES and 3DES standards, it uses an encryption chip that's unique to each appliance. Combine this with the encryption keys provided by the user and you have a system that works only if both components are present. The appliance is also shipped with a duplicate chip, which must be securely stored off-site along with the user keys. In the event of a disaster, a new appliance will be sent out immediately and the spare chip placed in it, allowing encrypted data to be restored.
Installation is indeed a simple task, and we had no problems placing the appliance in between a Windows Server 2003 system running CA's ARCserve 11.5 and an HP Ultrium LTO-2 tape drive. It's designed to look after a single SCSI tape drive, but can be cabled up to work with a library. As far as our test server was concerned, the drive was still attached locally, allowing all backup operations to continue unaffected. The appliance can be accessed via a local serial port connection using the bundled Parasoft utility. On loading, this checks the appliance over and provides a simple interface for password-protecting the appliance and setting up encryption. For the latter, you can choose from eight encryption schemes, which require keys of 24 to 32 characters in length to be input. On completion, you hit the large button in the middle to activate encryption and that's all there is to it.
During testing, we found performance will be determined by the encryption scheme selected. Initially, we secured 7GB of test data with the drive direct-attached to the server, whereupon ARCserve reported a baseline throughput of 25.4MB/sec. With the Paranoia2 in place, but its encryption switched off, this rose to 30.4MB/sec, showing its buffering capabilities working well. Next, we activated DES encryption, which reduced performance to 21MB/sec, while 3DES reduced this further to only 12.7MB/sec. We then removed the tape drive and connected it to another server running ARCserve and found that the encrypted tape wasn't recognised by the software, so without the Paranoia2 in place the media was unusable.
The meagre hardware specification means backup performance will take a big hit if you want the full 3DES encryption. Nevertheless, companies waking up to the fact that data protection must extend beyond their four walls and out to off-site storage will find the Paranoia2 a very simple, easily deployed system.
By Dave Mitchell
SPECIFICATIONS:
1U rack appliance; 3 x Ultra2 SCSI interfaces, 9-pin serial port; 4MB SDRAM; Atmel EEPROM encryption key chip; dual interlaced DES and 3DES encryption; serial cable and Parasoft management software bundled