Dual Encryption question

  • 6 March 2024
  • 1 reply

Userlevel 4
Badge +14

Good day Vaulters


This question is around hardware and Commvault level encryption.


If I have encryption enabled on the Maglib (VAST storage with it’s encryption enable), what happens if encryption is enabled on Commvault? Does it try to encrypt the data on the Maglib that has the Hardware vendors encryption already in place? 

What is the effect on backup AND recovery performance in doing this?
Would it be best to leave Encryption on Commvault off in this case?


We do need to also have Encryption enabled ‘in transit’. I know that’s done with Network routes. Would there be a performance impact on operations in using this option too?


What will both layer of Encryption do to DDB sizing? I’d imagine it could cause bloat?




1 reply

Userlevel 3
Badge +6

It is best to leave CV encryption on. This will satisfy your requirement for encrypted in transit.

Performance wise its usually negligible unless using very high cipher length. You’d need to do testing to confirm based on your own data.

Should be no change in DDB size. Commvault will “see” the data as if its only encrypted by itself anyway.