Metallic - Allow owners to enable data encryption - what is it?

Hello @ehfortin , and welcome to our community!

The Prevent admin access to company data option is exactly what you are looking for.  Let’s start with that option and how it works:

You can enable privacy for your company so that the CommCell administrator cannot view or download your company data. For example, if you are a tenant administrator, you can enable privacy for your company so that the MSP (Managed Service Provider) administrator cannot access your data.

This is a convenient, top level setting that will solve your concern in one shot.

https://documentation.commvault.com/11.24/essential/97917_preventing_administrators_from_accessing_company_data.html

I’m going to reach out to our documentation team about the Allow owners to enable data encryption option docs, though this allows customers to encrypt their data if they so choose.  Based on your need, you want to ensure that no one can read tenant data except the tenant, and you’d then be dependent on each server/app being encrypted and having to set this going forward, etc.

Edit: I found the page.  the setting is referred to as privacy, not encryption.  Working with the docs team to ensure this is all on the Metallic docs site as well!

https://documentation.commvault.com/11.26/essential/97847_privacy.html

It’s a nice feature, but not really scalable for your use case.  I would suggest going for the first option which will protect you in one easy step for good.

Let me know if this helps!

Hi @ehfortin, who is the MSP you are working with on this?  I can work to provide some additional guidance for you.

Hi @Justin_ ,

Actually, I asked the question as one of our prospect customer did as I was unable to find the information. We are looking to offer this customer a subscription to Metallic and they want us to manage their backup. So, for the backup, we will be their MSP but we won’t be the Metallic MSP as we are not configured yet to do L1 support, 24h support and to reach the financial goal that are associated with it. So, we will resell the Metallic service and act as the admin backup.

The way I understand Mike answer is that the privacy option won’t protect the customer from us as we are the backup admin, not the MSP. So we would be like any internal backup admin.

Would the second option allow a client owners to protect his data from the company backup administrators? If not, how can I manage the account of a customer and protect them from my team if ever somebody was to try to access to their data?

The customer also want us to present them a scenario where we would be the MSP for their tenant on CommVault Core. My understanding is that as we would be also the backup administrator for them, the privacy option would not be what we are looking for either. Is that correct? Then we would have to revert to the same second option, right?

Thank you.

ehfortin

Hello @Mike Struening,

I’ve looked all over the place regarding the two features you wrote about. It seems that the “Prevent admin access to company data” and “Allow owners to enable data privacy” are not available under Metallic. The toggle are there but the privacy feature has to be enabled at the CommCell level for those to be effective. That’s what I’ve been told by the product manager.

As the toggle are there, I tried hard to have those having an effect before I was confirmed this a few hours ago.

Regarding the “Allow owners to enable data privacy”, I wanted to follow the step but it seems we have to connect to the CommCell and assign a owner to the server and from there, that owner will be able to activate the feature on it and provide a password so that any backup admin that try to do a restore of the data will be denied except if he provide the password. So, that should work with Commvault core but it seems that Metallic is not offering it yet.

If you have any idea of how I could demonstrate to a customer that there is a way for them to insure the privacy of their data while we would be the backup admin for them, it would be great.

Thank you.

ehfortin

Thanks for the update, @ehfortin !  Admittedly, I found the described option in our Core documentation.  Let me reach out to some of the Product Managers to see what options you can utilize to get the same effect.

Hi Mike,

I’m interested on this too …. looking forward to the clarification.

regards,

Markus