Skip to main content
commvault.com commvault.com
Solved

Encryption on S3 and data transmission

  • February 14, 2022
  • 4 replies
  • 368 views
Melissa Adams
Commvault Certified Expert
Forum|alt.badge.img+8

Hey all - we are using encryption on our S3 library in AWS.  Is it a best practice to also enable software encryption on the primary copy?  For the encryption of the backup data going to S3, is there a specific encryption type I can find somewhere that is in use?

 

This is in my storage policy Primary copy properties.
 

This is just an example of where I found the setting….

 

 

Best answer by Mike Struening RETIRED

Yup, you can mandate it at the CommCell level:

https://documentation.commvault.com/11.24/expert/125170_encrypting_network_traffic_at_commcell_level.html

For anyone following along, here’s the main encryption overview page as well:

https://documentation.commvault.com/11.25/expert/7764_software_encryption.html

View original
Did this answer your question?
If you have a question or comment, please create a topic

4 replies

Mike Struening
Vaulter
Forum|alt.badge.img+23

@Melissa Adams , if you are concerned about on prem security as well, then you should encrypt the Primary copy.  There’s no conflict between that an an encrypted S3 Aux copy.

Is the S3 encrypted by CV, or by AWS?

Can you clarify what you mean about the specific encryption type?

https://www.linkedin.com/in/michael-struening
Onno van den Berg
Commvault Certified Expert
Forum|alt.badge.img+20
  • Onno van den BergCommvault Certified Expert
  • Commvault Certified Expert
  • 1264 replies
  • February 14, 2022

@Melissa Adams I would always enable Commvault encryption as well and as Mike said it will not conflict. The encryption type might be set on CommCell level (control panel → system → encryption) or can be set also on storage policy level. 

Mike Struening
1 person likes this
  • Mike Struening
    Mike Struening
Melissa Adams
Commvault Certified Expert
Forum|alt.badge.img+8
  • Melissa AdamsCommvault Certified Expert
  • Author
  • Commvault Certified Expert
  • 27 replies
  • February 15, 2022

@Mike Struening Both the primary and the aux are going to encrypted S3 buckets.  We do not have a primary copy on premises at this time.  Primary is S3-IA and secondary copy is combined tiers S3-IA/Glacier (90 days).  Hope that helps clarify.  IF this was just a normal storage array on prem we would enable encryption.  Also, traffic is always encrypted, correct?

Thanks!

Mike Struening
Vaulter
Forum|alt.badge.img+23

Yup, you can mandate it at the CommCell level:

https://documentation.commvault.com/11.24/expert/125170_encrypting_network_traffic_at_commcell_level.html

For anyone following along, here’s the main encryption overview page as well:

https://documentation.commvault.com/11.25/expert/7764_software_encryption.html

https://www.linkedin.com/in/michael-struening
Onno van den Berg
1 person likes this
  • Onno van den Berg
    Onno van den Berg

Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings