Software-based encryption
is becoming a popular feature in backup software, allowing users to
encrypt any portion of a backup job and deliver the data to
virtually any disk or tape storage system, even to write-once
media. This flexible approach to encryption fits seamlessly into
most existing backup processes.
However, software-based encryption is highly
processing-intensive, and imposes a performance hit on the backup
server. This is why software-based encryption often requires
upgrading the server (or even purchasing a new one) or at the very
least creative backup planning. Software-based encryption must also
include diligent key management, to ensure that encryption keys are
protected.
The product snapshots below offer specifications for a
cross-section of encryption-capable backup software and other
encryption software. The following products were selected based on
input from industry analysts and SearchStorage.com editors.
The following specifications were provided by the vendors. They
are periodically updated and are current as of September
2007.
Vendors are welcome to submit their updates and new product
specs to sbigelow@techtarget.com.
Go to the
first
product snapshot, or select the desired product below:
Return
to the beginning
Product Snapshot
#1
-----------------------------------------------------------------------------------------------------------
Product:Asigra Inc.; Asigra Televaulting disk-to-disk
(D2D) software
Supports encryption in software::Yes
Encryption type:Up to AES-256
Encryption strengths:256 bits
Encryption targets:Both tape and disk-based backup
systems. Additionally, Asigra encrypts data in-flight during
remote-site backup operations
Compression:Yes, typical compression ratio is 4:1.
Asigra compression combines features such as global single
instancing, data de-duplication and delta blocking.
Compression before encryption:Yes
Key complexity:Asigra key management is simple and
effective with key policies based on management settings.
Key management:Asigra utilizes a key management system
to handle keys for every machine being backed up. This system
includes a backup file of keys, also encrypted, on an
administrators' machine so the information can be recovered if
something were to happen to the site's key files.
WORM media compatible:Though not designed for optical
storage environments -- Asigra does allow for the transfer of
disk-based backup data onto WORM-based storage systems
Other encryption features (if any):Besides encrypting
the data at-rest, Asigra also encrypts data in-flight for secure
remote-site data protection
System hardware requirements:Asigra is hardware agnostic
and works with all leading disk vendors
Operating system requirements:A variety of OSs are
supported, including: Windows NT, 2000, XP, 2003; Novell NetWare;
VMware; Mac OS X; IBM AIX; SUN Solaris; HP-UX; HP-Tru64 UNIX; IBM
iSeries OS-400; Red Hat Linux; Novell Suse Linux
Vendor Comment:Asigra is the technology leader in
remote-site backup and recovery software with applications for both
enterprises and managed service providers
Availability:Asigra Televaulting 7.0 is now
available
Base Cost:$11,250
Detailed Specs:http://www.asigra.com/pdf/televaulting_product_sheet.pdf
Vendor URL:www.asigra.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#2
-----------------------------------------------------------------------------------------------------------
Product:Atempo; Time Navigator
Supports encryption in software::Yes
Encryption type:AES, Triple DES, Blowfish
Encryption strengths:Up to 256 bits for AES, 168 bits
for triple DES, up to 448 bits for Blowfish
Encryption targets:VLS and any supported tape
drive
Compression:The compression method implemented in Time
Navigator is the open source LZO algorithm for real-time
applications.
Compression before encryption:Yes
Key complexity:RSA key pair, 512-2048 bits
Key management:The public/private key pair used in RSA
ciphers is managed by means of a digital certificate, conforming to
X509-V3 standard, and a password encoded private key, following
PKCS#5 recommendations.
WORM media compatible:Yes; standard tape drives (LTO,
DLT, SDLT, etc); also support UDO magneto optical, and Centera
system
Other encryption features (if any):Management of Digital
signature for tamper detection; Management of Digital Certificates
for advanced authentication; Network encryption to secure data
while in transfer from the primary storage to the backup
media
System hardware requirements:No hardware requirement for
SCM
Operating system requirements:Any supported Time
Navigator Operating System is supported (Windows, Linux, Mac OS X,
Solaris, AIX, HP-UX)
Vendor Comment:Time Navigator Security and Compliance
Manager (SCM) helps users meet increasingly stringent regulatory
requirements by providing robust data protection and advanced
security at all stages of data backup and reliable long-term
archive functionality.
Availability:Currently available
Base Cost:$7,200 for SCM base, 5 agents and 1 Tape drive
connection (Tier 3)
Detailed Specs:http://www.atempo.com/products/timeNavigator/documents/TN_SCM_EN.pdf
Vendor URL:http://www.atempo.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#3
-----------------------------------------------------------------------------------------------------------
Product:BakBone Software Inc.; NetVault: Backup
Encryption Plugin Module
Supports encryption in software::We have integrated
our own line and tape level encryption utilizing CAST –
128
Encryption type:CAST – 128
Encryption strengths:128-bit
Encryption targets:Disk and tape or both with NetVault:
Backup's integrated disk-to- disk-to-tape capabilities.
Compression:We utilize modern tape drive compression. We
also offer software compression for NetVault: Backup
VTLs.
Compression before encryption:No
Key complexity:Generated off of a 128-bit
algorithm
Key management:Customers can use the key management
software of their choice
WORM media compatible:Yes, with AIT tape
technologies
Other encryption features (if any):We work with other
line and tape-based encryption technologies.
System hardware requirements:Minimal system hardware
requirements. We recommend CPU and memory relative to the size of
the customer's environment.
Operating system requirements:Windows, Linux, Mac OS, or
Solaris
Vendor Comment:For data protection, disaster recovery
and business continuity, NetVault: Backup provides enterprise-class
data protection for complex heterogeneous environments, regardless
of size.
Availability:Currently available
Base Cost:$195.00 per client
Detailed Specs:http://www.bakbone.com/Product.aspx?id=1364
Vendor URL:http://www.bakbone.com/
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#4
-----------------------------------------------------------------------------------------------------------
Product:BitArmor Systems, Inc.; BitArmor Security
Suite
No specifications were provided by publication time.
Detailed Specs:http://www.bitarmor.com/products/encryption.php
Vendor URL:www.bitarmor.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#5
-----------------------------------------------------------------------------------------------------------
Product:CA; BrightStor ARCserve Backup
No specifications were provided by publication time.
Detailed Specs:http://www.ca.com/files/DataSheets/30509_brightstor_arcserve_windows_datasheet.pdfwww.ca.com
Vendor URL:www.ca.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#6
-----------------------------------------------------------------------------------------------------------
Product:CommVault; Galaxy Backup and Recovery
No specifications were provided by publication time.
Detailed Specs:http://www.commvault.com/backup_and_recovery.asp?sid=10136
Vendor URL:www.commvault.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#7
-----------------------------------------------------------------------------------------------------------
Product:EMC Corp.; EMC NetWorker
Supports encryption in software:Yes
Encryption type:AES
Encryption strengths:256-bit
Encryption targets:Data is sent encrypted over the wire
and stored encrypted to any supported disk/tape device
Compression:Yes -- variable compressibility -- average
3:1
Compression before encryption:No
Key complexity:The encryption key is derived from a
user-defined pass phrase. The user-defined pass phrase can be a
sentence or short, memorable paragraph.
Key management:Through its user interface, NetWorker
enables customers to maintain one current pass phrase per datazone
(backup environment). The encryption key is stored and used for
creating and recovering backups. For data backed up using prior
keys, prior pass phrases must be supplied at restore time to
successfully complete a data recovery.
WORM media compatible:Yes -- compatibility includes
SDLT, LTO-3, STK Volsafe 9x40 and DAT160
Other encryption features (if any):N/A
System hardware requirements:Varies based on amount of
data, defined performance requirements, choice of platform,
etc.
Operating system requirements:256-AES encryption
supported on UNIX and Microsoft Windows platforms
Vendor Comment:The confidentiality and integrity of
information throughout its lifecycle is increasingly difficult to
manage. EMC is dedicated to helping customers more effectively
protect critical data throughout its lifecycle -- including backup
data. For backup and recovery, the EMC NetWorker solution provides
flexible ways to protect data in heterogeneous environments,
ensuring that data is secure and delivering compliance with the
most stringent service-level objectives, even as requirements
change and grow.
Availability:Version 7.3 currently available
Base Cost:Encryption feature provided at no cost as a
feature of the NetWorker Client/Server solution
Detailed Specs:http://software.emc.com/products/software_az/networker.htm
Vendor URL:http://www.emc.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#8
-----------------------------------------------------------------------------------------------------------
Product:Hewlett-Packard Corp.; HP Data Protector
software
Supports encryption in software::Yes
Encryption type:AES
Encryption strengths:256-bit
Encryption targets:Data Protector software supports
encryption for all kind of different devices – please see the
latest support matrices at:
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00766445/c00766445.pdf.
HP Data Protector supports LTO-4 tape drives as of September 2007.
Encryption enablement and key management for LTO-4 drives is
expected to be released with a patch in December 2007. Data
Protector software 6.1 (planned release date: May 2008) will fully
include support for LTO-4 encryption technology, to be controlled
by the central key management capability in Data
Protector.
Compression:Yes, Data Protector supports compression.
Backup options can be set while a new backup specification is
created. Software compression is done by the client CPU when
reading data from a disk, reducing the data that is sent over the
network.
Compression before encryption:No
Key complexity:Key management provides the foundation
for the secure generation, storage, distribution, and destruction
of keys, further more the proper management of cryptographic keys
is essential to the effective use of cryptography for security. If
key management is properly used, data can not be read on the backup
tape or during network transmission without owning the matching
key.
Key management:The integration with Data Protector
enables simplified application and management, allowing to generate
secure keys automatically and to also distribute the software
automatically to the client. There is one fully scrambled key file
per Cell Manager or Disk Agent, meaning that it is not readable by
anyone without administrative privileges. Since this file contains
sensitive information its access permissions must be set quite
restrictive.
WORM media compatible:Data Protector 6.0 supports STK
VolSafe WORM media on all supported platforms with the STK9840 tape
drive. HP LTO WORM media is supported on HP-UX, Linux, Solaris,
Tru64 and OpenVMS.
Other encryption features (if any):Data Protector
enables transparent restore from mirror, Object Copy (D2D2T) and
backup chains. Transparent restore means that the restore from a
mirror, copy, synthetic full/virtual full, and backup chains works
in the same way as a restore from a normal
full/incremental/differential backup.
System hardware requirements:See
http://www.hp.com/support/manuals for details on hardware
requirements.
Operating system requirements:See
http://www.hp.com/support/manuals for details on supported
operating systems for the Cell Manager.
Vendor Comment:Data Protector software allows customers
to increase the efficiency of backup and recovery procedures by
delivering fully automated and reliable backup solutions, combining
advanced features with simple and affordable licensing, plus
best-in-class customer support.
Availability:Version 6.0 currently available
Base Cost:Basic list pricing for a Windows Starter Pack,
incl. support: $1,390
Detailed Specs:www.hp.com/go/dataprotector
Vendor URL:www.hp.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#9
-----------------------------------------------------------------------------------------------------------
Product:IBM; IBM Continuous Data Protection for
Files
Supports encryption in software::Yes
Encryption type:AES
Encryption strengths:128-bit
Encryption targets:Supports a variety of target devices,
mostly file-structured devices, including IBM TSM server
Compression:Yes, ordinary compression
Compression before encryption:CDP for Files does not
support compression with encryption
Key complexity:The user creates a Pass phrase
Key management:Key management is local, User is required
to remember the key, but cache it locally, encrypted
WORM media compatible:No; CDP for Files needs
re-writable media targets
Other encryption features (if any):N/A
System hardware requirements:An Intel Pentium III
processor with 500 MHz CPU or higher, 384 MB RAM or higher, 100 MB
free disk space (plus user-configured amount of additional space
for local file repository), 20 MB download, 40 MB install
footprint
Operating system requirements:Microsoft Windows 2000
Professional, Advanced Server, SP2 or later (x86-32); Windows 2003
Server, Standard, Enterprise, SP1 (x86-32); Windows XP
Professional, SP1 or later (x86-32); Windows Vista Ultimate,
Business (x86-32)
Vendor Comment:IBM's CDP for Files software provides
real-time transparent user-file backup by continuously protecting
information from computer viruses, file corruption, accidental
deletion and theft. IBM CDP for Files acts as "data safety net" by
capturing and saving changes to documents instantaneously with the
ability to send a copy of the information to a backup target for
double protection -- all within milliseconds. With just a few
clicks of the mouse, users can restore information that would
otherwise be lost.
Availability:Currently available through retailers
including CompUSA, Staples and Circuit City or through
www.ibm.com
Base Cost:$42
Detailed Specs:http://www-306.ibm.com/software/tivoli/products/continuous-data-protection/
Vendor URL:www.ibm.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#10
-----------------------------------------------------------------------------------------------------------
Product:IBM; Tivoli Storage Manager (TSM)
v5.4
Supports encryption in software::Yes
Encryption type:Hardware and software
Encryption strengths:Software encryption: 128-bit AES,
DES 56-bit; Tape drive encryption: 256-bit AES
Encryption targets:Software data encryption occurs on
the Tivoli Storage Manager client or API client prior to the data
being sent to the Tivoli Storage Manager server's disk, tape or
optical storage pools. Or the data (that is being written directly,
or that is being migrated from another disk/tape/optical storage
pool) can be encrypted, using tape drive encryption, when it is
written to the tape drives.
Compression:Tivoli Storage Manager client or API client
supports compression. The compression ratio depends on the type of
data being compressed.
Compression before encryption:The Tivoli Storage Manager
client and API client compress the data prior to encrypting it, and
prior to it being sent over the network to the Tivoli Storage
Manager server's disk tape or optical storage pools. Tivoli Storage
Manager client and API client compression also occurs before tape
drive encryption.
Key complexity:The TSM client and API client data
encryption key is derived from a character password that is
supplied by the user or randomly generated by TSM. The tape drive
data encryption key is randomly generated by the TSM
server.
Key management:Tivoli Storage Manger client and API
client data encryption key password is either user managed or
stored and managed as metadata in the TSM database. The tape drive
data encryption key is stored and managed as metadata in the TSM
database.
WORM media compatible:Yes, Tivoli Storage Manager client
and API client encryption and tape drive encryption are compatible
with WORM media.
Other encryption features (if any):Tivoli Storage
Manager was the first data protection software deliver
complimentary application managed encryption when using the IBM
System Storage TS1120, the industry's first fully-encrypting tape
drive.
System hardware requirements:http://www.ibm.com/software/tivoli/products/storage-mgr/platforms.html
Operating system requirements:http://www.ibm.com/software/tivoli/products/storage-mgr/platforms.html
Vendor Comment:IBM Tivoli Storage Manager enables you
to protect your organization's data from failures and other errors
by storing backup, archive, space management and bare-metal restore
data, as well as compliance and disaster-recovery data in a
hierarchy of offline storage. Because it is highly scalable, Tivoli
Storage Manager can help protect computers running a variety of
different operating systems, on hardware ranging from notebooks to
mainframe computers and connected together through the Internet,
wide area networks (WANs), local area networks (LANs) or storage
area networks (SANs).
Availability:Currently available through
www.ibm.com
Base Cost:N/A; Encryption is provided at no extra cost
with Tivoli Storage Manager
Detailed Specs:http://www-306.ibm.com/software/tivoli/products/storage-mgr/
Vendor URL:www.ibm.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#11
-----------------------------------------------------------------------------------------------------------
Product:PGP Corp.; PGP Encryption Platform
Supports encryption in software::Yes
Encryption type:AES (up to 256-bit keys), CAST5,
TripleDES, IDEA, Twofish, Blowfish, Arc4 (128-bit keys)
Encryption strengths:Strengths vary, but examplea
include AES 256 bit encryption
Encryption targets:PGP encryption applications protect
stored enterprise data on file servers, tapes, and other storage
devices and systems.
Compression:Zip, BZip2, ZLib
Compression before encryption:Yes; compression is
performed seamlessly and automatically as data is
encryption.
Key complexity:The PGP Encryption Platform supports
complex keys up to 4096 RSA or Diffie-Helmman keys
Key management:N/A
WORM media compatible:Not specific to any certain media
or storage
Other encryption features (if any):The PGP Encryption
Platform reduces the complexities of protecting business data by
enabling organizations to deploy and manage multiple encryption
applications cost-effectively from a single management console.
Deployed with the first encryption application, the PGP Encryption
Platform makes installing a separate or additional infrastructure
unnecessary when the organization needs other encryption
applications.
System hardware requirements:Minimal free space and
memory required
Operating system requirements:Windows, Mac OS X, UNIX
(AIX, HP/UX, Solaris), Linux (Red Hat, Fedora), OS/400, z/OS,
i5/OS, OS/400
Vendor Comment:The PGP Encryption Platform provides a
strategic enterprise encryption framework for shared user and key
management, policy, and provisioning automated across multiple,
integrated encryption applications. Integrated PGP Corporation and
third-party encryption applications enable organizations to deploy
automated encryption as needed with the data security functions
required to solve the business requirement.
Availability:Currently available
Base Cost:Starts at $62 per application (annual
subscription – perpetual license option available)
Detailed Specs:http://www.pgp.com/products/platform/tech_specs.html and
http://www.pgp.com/products/commandline/servers/techspecs.html
Vendor URL:http://www.pgp.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#12
-----------------------------------------------------------------------------------------------------------
Product:Symantec Corp.; Backup Exec for Windows
Servers
Supports encryption in software::Yes
Encryption type:AES
Encryption strengths:128 or 256 bit
Encryption targets:Target can be any disk or tape target
that Backup Exec can write to
Compression:Yes
Compression before encryption:Yes, we give you the
ability to compress before encrypting
Key complexity:Key can be as simple or complex as the
Admin desires
Key management:Key is managed by the
Administrator
WORM media compatible:Yes
Other encryption features (if any):N/A
System hardware requirements:256MB RAM (512
recommended), minimum 696MB disk space (805 with all
Agents/Options), NIC, CD-ROM Drive and at least one storage media
drive (disk or tape)
Operating system requirements:Windows 2000, 2003, XP
& 2003 Small Business Server (32 & 64-bit)
Vendor Comment:N/A
Availability:Encryption was introduced in Backup Exec
11d
Base Cost:Free with the core product
Detailed Specs:Not provided
Vendor URL:www.backupexec.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#13
-----------------------------------------------------------------------------------------------------------
Product:Symantec Corp.; Veritas NetBackup/NetBackup
PureDisk
Supports encryption in software::Yes
Encryption type:Veritas NetBackup supports 2 different
types of encryption: Client Encryption, which has been out for
several years. New with NetBackup 6.5 is that it is now bundled
into the NetBackup Standard Client (and no longer an extra
chargeable option), and Media Server Encryption Option (MSEO),
which released late last year and is available for NetBackup 5.1,
6.0 & 6.5 environments. NetBackup PureDisk supports
client-based encryption. The PureDisk data deduplication process
significantly reduces the amount of data to backup, which
significantly reduces the amount of data to encrypt.
Encryption strengths:NetBackup Client Encryption: DES:
40, 56 & 112 (2 Triple Key DES); AES: 128 & 256; Blowfish
128; NetBackup MSEO: AES 128-bit & 256-bit; NetBackup PureDisk:
Blowfish 256-bit
Encryption targets:NetBackup Client Encryption: disk and
tape; NetBackup MSEO: tape; NetBackup PureDisk: disk
Compression:NetBackup Client Encryption: Yes. Customers
can use the NetBackup client compression feature; NetBackup MSEO:
Yes. MSEO offers a choice of 3 compression algorithms LZRW3, LZO1X,
TXT85.ENG; NetBackup PureDisk: Yes. PureDisk performs data
deduplication on the data. Customers can optionally compress and
encrypt data based on individual data selections (i.e.,
policies)
Compression before encryption:Yes. Compression is
optionally available and highly recommended with NetBackup and
NetBackup PureDisk. It's always good to compress prior to
encrypting due to the random bit patterns associated with encrypted
data which makes it impossible to compress after the encryption
process.
Key complexity:NetBackup Client Encryption: uses a
manual pass/phrase process; NetBackup MSEO: uses different keys for
different policies and RSA public/private key pairs; NetBackup
PureDisk: As part of the deduplication backup process PureDisk
creates a fingerprint of file segments using a hash algorithm. This
fingerprint becomes the basis for the encryption key. Therefore
every segment of a file has a different encryption key.
Key management:NetBackup Client Encryption: uses a
manual pass/phrase process; NetBackup MSEO has centralized and
automated "set it and forget it" key management. When the MSEO
Security Server (installed on the NetBackup Master Server) receives
a backup request, it generates a new random AES 128 or 256-bit
Backup Encryption Key (BEK) for each backup job. Based on the
established MSEO policy, it retrieves the group of RSA public keys
to be used to encrypt the BEK. It then returns the BEK with each
public key back to the MSEO agent; NetBackup PureDisk has key
management integrated into the catalog (i.e., PureDisk metabase).
Data can not be recovered without the metabase therefore the
encryption keys can not be lost. Role based user-access and
directory authentication (LDAP and Active Directory) control access
to the PureDisk application.
WORM media compatible:Yes, several WORM compatible
drives are supported with NetBackup. Please refer to the NetBackup
HCL at
http://ftp.support.veritas.com/pub/support/products/NetBackup_Enterprise_Server/284599.pdf
Other encryption features (if any):NetBackup MSEO offers
customers a cost-effective, non-disruptive and flexible approach to
compressing and encrypting data to ensure tape media is secure.
Because encryption is part of the NetBackup policy, there is no
major change to their backup process, nor any dedicated devices to
manage. NetBackup PureDisk offers the Data Lock feature which
provides an additional level of security by allowing end-users to
apply their own password to backup data selections. The data can be
backed up and moved, but it can not be browsed or restored without
the password. This feature has been used by service providers who
use PureDisk to offer backup services and by individual
companies.
System hardware requirements:Please refer to the
NetBackup HCL at
http://ftp.support.veritas.com/pub/support/products/NetBackup_Enterprise_Server/284599.pdf
Operating system requirements:NetBackup Client
Encryption: Windows, UNIX, Linux, Solaris x64, OpenVMS, Mac OS X,
NetWare and Free BSD; NetBackup MSEO: Windows and Solaris (Media
Server), client support is the same as the NetBackup Client
Encryption; NetBackup PureDisk: Client-based encryption support for
Windows, UNIX, Linux
Vendor Comment:Customers have several choices of
encryption points to safeguard their backup data: at the
client/source, at the media server and/or with hardware (inline
encryption devices or encrypted tape drives). Veritas NetBackup
supports all to provide customers an option to choose what works
best for their environment.
Availability:Currently available
Base Cost:NetBackup Client Encryption: included with the
NetBackup Standard Client – MSRP of $595 per client; NetBackup
MSEO: consists of two purchased license components: the Key
Management Server – MSRP $10,000 (one required); and per NetBackup
media server where pricing is tiered based on server type, MSRP
price starts at $2,500. NetBackup PureDisk: included with the
PureDisk Standard Client – MSRP of $595 per client.
Detailed Specs:http://ftp.support.veritas.com/pub/support/products/NetBackup_Enterprise_Server/290226.pdf
Vendor URL:www.symantec.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#14
-----------------------------------------------------------------------------------------------------------
Product:Syncsort Inc.; Backup Express
No specifications were provided by publication time.
Detailed Specs:http://www.syncsort.com/products/bex/home.htm
Vendor URL:www.syncsort.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------
Product Snapshot
#15
-----------------------------------------------------------------------------------------------------------
Product:Yosemite Technologies Inc.; Yosemite Backup:
Standard Master Server
No specifications were provided by publication time.
Detailed Specs:http://www.yosemitetech.com/cnt/products/server-products/standard.htm
Vendor URL:www.yosemitetech.com
Go
to beginning
-----------------------------------------------------------------------------------------------------------