Skip to main content
commvault.com commvault.com
Solved

Can DDB Backups be encrypted?

J
Bit
Forum|alt.badge.img+1

Hello,

 

I am enabling encryption for my backup data per new requirement by enabling it through the storage policy copy encryption setting.  After subsequent backup jobs have completed I have verified encryption to the backup data is set from the storage policy copy report.  I do not see an indication that the DDB backups are encrypted.    Do they need to be encrypted?  This is a requirement by our auditors and they will see this in the report like I did and might ask me why the DDB backups are excluded.

Thanks.

Best answer by Mike Struening RETIRED

That’s right, @JoeT .  And to confirm what my dear friend @Hyder said, the DDB is only needed for backups and data aging, not restores.

View original
Did this answer your question?
If you have a question or comment, please create a topic

7 replies

Mike Struening
Vaulter
Forum|alt.badge.img+23

@JoeT , I don’t know that they can’t be encrypted, though you likely have to enable this at the client level (treating the Media Agent as a client in this case).

Can you see if the MA as a client shows Encryption enabled?

https://www.linkedin.com/in/michael-struening
J
Bit
Forum|alt.badge.img+1
  • JoeT
  • Author
  • Bit
  • 2 replies
  • March 2, 2022

Hi Mike,

Thanks for the quick response.  Yes I do have the MA setup with encryption using the same algorithm as it is in the storage policy.   I have been testing individual MAs and clients this way enabling them first before enabling encryption through the storage policy.  I can’t remember seeing whether the DDB backup was indicating as encrypted from the storage policy report when I only had the MA encryption set.  I do have another MA that is not currently set.  I will set that one at the MA level only and see if it encrypts the DDB backup.

Thanks.

Hyder
Vaulter
Forum|alt.badge.img+8
  • HyderVaulter
  • Vaulter
  • 86 replies
  • March 2, 2022

If the requirement is only for the backups to be encrypted, lets just say that DDB got into the wrong hands, there’s no “data” so-to-say that’s in the DDB which is doing block-tracking in a sense, that someone could grab and get a hold of your files and folders

Mike Struening
Vaulter
Forum|alt.badge.img+23

@Hyder is 100% correct.  The DDB is a list of block IDs, references per ID, and any file we can delete.

It is absolutely useless in any other context.

https://www.linkedin.com/in/michael-struening
Hyder
Vaulter
Forum|alt.badge.img+8
  • HyderVaulter
  • Vaulter
  • 86 replies
  • March 2, 2022

@Mike Struening and still the case where its not required for restore purposes for DR scenarios as well correct?

J
Bit
Forum|alt.badge.img+1
  • JoeT
  • Author
  • Bit
  • 2 replies
  • March 2, 2022

Thanks everyone as I understand there is no need to encrypt the DDB backup data because in no way contains any company data, it is just pointers to the blocks stored in the disk library that contain the company data which is encrypted and deduplicated.

Mike Struening
1 person likes this
  • Mike Struening
    Mike Struening
Mike Struening
Vaulter
Forum|alt.badge.img+23

That’s right, @JoeT .  And to confirm what my dear friend @Hyder said, the DDB is only needed for backups and data aging, not restores.

https://www.linkedin.com/in/michael-struening

Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings