03-21-2013 05:32 PM
Looking through the documents i can't seem to see a "How to" guide on implementing encrypting backups.
As i understand there are 2 methods of encryption. Drive-based encryption which is hardware based and encrypts the backup straight to tape but requires LTO4 or LTO5. This is not applicable to us as we unfortunately still use LTO2 drives.
So the only option is Software encryption. As i understand you can encrypt the connection between the Client and the Cell server AND you can encrypt the data before it's written to disk. Do both options require licencing?
Also where do i set the encryptrion? Within the Client properties i can see Encrypted control communication which when ticked shows the certifcate chain etc and you can turn that on. I assume this is the encrypting the connection between the client and the cell manager. With this enabled does this only encrypt the data being transfered to the cell manager but it's decrypted and written to tape unencrypted? Or is it encrypted onto tape as well?
There's also the option within the backup specification under options > filesystem options > advanced > other > data security - here you can select none, 256AES, encode. Is this option the software encryption to tape?
Any help is appreciated
03-21-2013 10:17 PM
Yes its software encryption.
Option value: AES 256-bit
Select this option to enable software encryption to protect your data. Data is encrypted before it is transferred over the network and before it is written to media."
03-21-2013 11:03 PM
yes it requires a license per client you want to have the encryption for. Please keep in mind that communication at all (the control commands) do not need the encryption license, it can be enabled as a feature. Only when backed up data needs to be encryptes as well you have to order this license.
Please assign Kudos - How to assign...
03-22-2013 05:00 AM
I think that the encryption will prevent the hardware compression in the tape drive from working. You might want to consider enabling software compression to combat this.
03-24-2013 09:43 PM
The licence is needed for the source encryption of data that is to be sent to a Media Agent. As has already been mentioned by others, encrypting communication channels (ECC) does not need the licence.