Question

In-flight Encryption for Aux copy in 11.32

  • 12 February 2024
  • 5 replies
  • 73 views

Userlevel 2
Badge +13

Dear support,

If I enable encryption (in Disk configuration - check the picture below) for both the primary and secondary copy, will the traffic between them also be encrypted?

The goal here is to have “full” encryption, not only for backed up data, but also in Aux copy operations.

Please provide your feedback,
Nikos


5 replies

Userlevel 5
Badge +14

Hello @Nikos.Kyrm 

These settings will encrypt the data at rest, but if you want to encrypt in-transit data, you will need to configure a Network Tunnel between the source and destination machines.

Network Routes https://documentation.commvault.com/v11/expert/network_routes.html

  • HTTPS encryption in the tunnels. The Commvault software supports HTTPS encapsulation in all tunnel connections, which protects all data in transit by using the TLS 1.3 protocol with the replaced TLS_AES_256_GCM_SHA384 cipher suite. After a successful authentication, and based on the configuration, HTTPS traffic can be encrypted with the replaced TLS_AES_256_GCM_SHA384 cipher suite; however, if you want to save CPU cycles, you can set up connections using plain text.

Setting up a One-Way Direct Connection (Client to CommServe) Using Advanced Network Settings - https://documentation.commvault.com/v11/expert/setting_up_one_way_direct_connection_client_to_commserve_using_advanced_network_settings.html

Setting up a Two-Way Direct Connection Using Advanced Network Settings - https://documentation.commvault.com/v11/expert/setting_up_two_way_direct_connection_using_advanced_network_settings.html

 

Thank you,
Collin

Userlevel 2
Badge +13

Dear @Collin Harper 

Thanks a lot for your reply.

So, in order to encrypt in-transit data, I must configure a Two-Way Direct Connection Using Advanced Network Settings between MA ↔ MA, right?

I'm not sure which steps to follow.

Best regards,
Nikos

Userlevel 5
Badge +13

I think 1-way or two-way are both valid options; use the encrypt traffic option.

You can use Advanced Network Settings or Network topologies.

One network topology between the clients and the Media Agent for the primary copy, and another network topology from the source Media Agent of the primary copy to the destination Media Agent for the secondary copy.

Badge +4

@Nikos.Kyrm when encryption is enabled on the storage pool of the secondary copy, data is encrypted on storage as well as over the network during transfer.

Userlevel 2
Badge +13

Dear all, thanks a lot for your feedback.

Although this end-to-end encryption request was particularly urgent, I opened a ticket with Commvault (Case: 240213-208).

Commvault Support confirmed that only this configuration (Enable encryption only in Primary Disk Library in the Command Center) will encrypt on source, network, and secondary destination copies (copy-2-Azure).