Solved

Encryption on S3 and data transmission

  • 14 February 2022
  • 4 replies

Userlevel 2
Badge +8

Hey all - we are using encryption on our S3 library in AWS.  Is it a best practice to also enable software encryption on the primary copy?  For the encryption of the backup data going to S3, is there a specific encryption type I can find somewhere that is in use?

 

This is in my storage policy Primary copy properties.
 

This is just an example of where I found the setting….

 

 


Best answer by Mike Struening RETIRED 15 February 2022, 17:29


Userlevel 7
Badge +23

@Melissa Adams, if you are concerned about on prem security as well, then you should encrypt the Primary copy. There’s no conflict between that and an encrypted S3 Aux copy.

Is the S3 encrypted by CV, or by AWS?

Can you clarify what you mean about the specific encryption type?

Userlevel 7
Badge +19

@Melissa Adams I would always enable Commvault encryption as well and as Mike said it will not conflict. The encryption type might be set on CommCell level (control panel → system → encryption) or can be set also on storage policy level. 

Userlevel 2
Badge +8

@Mike Struening Both the primary and the aux are going to encrypted S3 buckets. We do not have a primary copy on premises at this time. Primary is S3-IA and secondary copy is combined tiers S3-IA/Glacier (90 days). Hope that helps clarify. If this was just a normal storage array on prem we would enable encryption. Also, traffic is always encrypted, correct?

Thanks!

Userlevel 7
Badge +23

Yup, you can mandate it at the CommCell level:

https://documentation.commvault.com/11.24/expert/125170_encrypting_network_traffic_at_commcell_level.html

For anyone following along, here’s the main encryption overview page as well:

https://documentation.commvault.com/11.25/expert/7764_software_encryption.html
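
The AWS side of the two questions raised in this thread (which encryption type the bucket applies by default, and whether unencrypted transport is refused), as an added example that is not part of the original posts and not Commvault tooling. It reads the JSON shape returned by `aws s3api get-bucket-encryption` and a bucket policy document; the bucket name, key ARN and both sample documents are constructed, and it does not inspect Commvault's own software encryption setting.

```python
import json

# Constructed sample in the shape `aws s3api get-bucket-encryption` returns.
SAMPLE_ENCRYPTION = json.loads("""
{"ServerSideEncryptionConfiguration": {"Rules": [{
    "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    "BucketKeyEnabled": true}]}}
""")

# Constructed sample bucket policy document (bucket name is a placeholder).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-backup-bucket",
                 "arn:aws:s3:::example-backup-bucket/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def default_sse(enc_config):
    """Return [(algorithm, kms_key_id_or_None)] for each default-encryption rule."""
    rules = enc_config.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    found = []
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        if "SSEAlgorithm" in default:
            found.append((default["SSEAlgorithm"], default.get("KMSMasterKeyID")))
    return found

def tls_enforced(policy):
    """True if a Deny on all S3 actions, for every principal, matches non-TLS requests.
    The Resource scope is not checked here; confirm it covers the bucket and its objects."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        if not {"s3:*", "*"} & set(_as_list(stmt.get("Action", []))):
            continue  # a narrower Deny leaves some operations reachable over HTTP
        for key, val in stmt.get("Condition", {}).get("Bool", {}).items():
            if key.lower() == "aws:securetransport" and \
                    "false" in [str(v).lower() for v in _as_list(val)]:
                return True
    return False

if __name__ == "__main__":
    print(default_sse(SAMPLE_ENCRYPTION), tls_enforced(SAMPLE_POLICY))
```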