
Encryption In Transit

  • 13 June 2023
  • 3 replies
  • 361 views


IHAC who has a requirement to encrypt all data in transit for CV. They use encrypted disks, so they only want to encrypt data in transit for all clients. There does not appear to be any way to do that globally.

2 questions:

  1. Can we turn on in-transit encryption across the commcell?
  2. Should we just use the CC level force encryption across the board and not worry that the disk drives have HW encryption enabled (i.e. there is no risk to double encryption)?

Thanks,

Phil


3 replies


Hi @Phil Benincasa 

Encryption in transit can be accomplished in 2 ways:

- Use a plan/storage policy with deduplication; the global deduplication policy will enforce the cipher selected. With default settings a client will encrypt before transmitting data.

- Configure all clients in an encrypted network tunnel; besides the data blocks, everything you transport goes via an HTTPS tunnel, thus encrypting all traffic.

Both scenarios assume you are not performing network transport based VM backup such as NBD with a VSA running on physical hardware or on a platform other than the hypervisor where the VM to be backed up is running, because then the connection between the VSA and the hypervisor might not act as required.

If you have any questions let us know ;)


So there are VMs being backed up using HA. The question then becomes that the aux copy to the DR site from MA to MA would not be encrypted, since the data read off the encrypted HW would be automatically decrypted. Can we just turn on Aux encryption with no risk of damage to the data even if it sits on encrypted HW? I have been told that is not an issue. So we could use that?


Yes, you can use encryption on the aux copy; this should work fine but will create overhead as you are using encryption on HW level and on chunk level.
I would just configure an encrypted tunnel between the MAs, then you won't affect the data, only the tunnel.
