Skip to main content

Hi together,

I would like to understand how encryption works in detail.

The situation: I am using client side encryption (at the source) and I want to use encrypted (or authenticated) network traffic between client and media agent.

When I am using encrypted network traffic, all information (backup data and meta data … i.e. index, jobsresults) is encrpyted at the source (client) and decrypted at the target (media agent).

The encryption/decryption is consuming CPU … of course.

Does Commvault indentify that the backup data is already encrypted in this situation … or will the data be encrypted a second time for the network traffic … wasting my CPU? Or is Commvault only encrypting the meta-data for the network traffic?

Best regards.

Michael

  

 

 

Hello @Michael Seickert 

When using Client-side (Agent-side) encryption the data is encrypted on the client, transmitted encrypted over the network, and written to storage encrypted. The encrypted data from the source does not get “double-encrypted” when in transit over the network.

 

Subclient Properties (Encryption) - https://documentation.commvault.com/2023e/expert/subclient_properties_encryption.html

Network and Media (Agent Side)

When selected, for data protection operations, data is encrypted before transmission and is stored encrypted on the media. During data recovery operations, data is decrypted by the client.

 

Thank you,
Collin


Hi Collin,

 

thank you for this clarification. No double encrpytion 🙂.

 

Best regards. Michael


Reply