Skip to main content
Solved

How is backup encryption handled ?


Forum|alt.badge.img+11

Hi guys,
I’m struggeling with encryption in a mixed environment.

On the GlobalDedupePolicyCopy, I did not activate encryption.
on the Client Advanced Property I enable encryption
on the subClient Property I enable encryption on Network & Media.

executed Jobs are listed as ecryption enabled.

  • does this mean, that the backups have been encrypted ?
  • are the backups deduplicated against unencrypted backups within the same StoragePolicy ? (which might result in a mix of encrypted and unencrypted data for the same job)
  • Since encryption is defined in the GDP and I already have two DDB partitions per MediaAgent, do I have to deploy additional MediaAgents to host the dedicated encryption backups, in case I want to enable that on the Storage Policy ?

best regards
Klaus

Best answer by MichaelCapon

Hello Klaus,

Can you confirm which Agent type this is for? - Usually (depending on Agent/Configuration) the data is Compressed, Deduplicated and then encrypted (where applicable).

Do you see any stats in the Agent logs for encryption?

 

From the “Jobs in Storage Policy Copies Report” you should be able to validate if he job is encrypted. ref: https://documentation.commvault.com/commvault/v11/article?p=105328.htm

 

Best Regards,

Michael

View original
Did this answer your question?

5 replies

MichaelCapon
Vaulter
Forum|alt.badge.img+14
  • Vaulter
  • 349 replies
  • Answer
  • July 22, 2021

Hello Klaus,

Can you confirm which Agent type this is for? - Usually (depending on Agent/Configuration) the data is Compressed, Deduplicated and then encrypted (where applicable).

Do you see any stats in the Agent logs for encryption?

 

From the “Jobs in Storage Policy Copies Report” you should be able to validate if he job is encrypted. ref: https://documentation.commvault.com/commvault/v11/article?p=105328.htm

 

Best Regards,

Michael


Forum|alt.badge.img+11
  • Author
  • Byte
  • 87 replies
  • July 22, 2021

Hi @MichaelCapon ,
I’m using a wide range of agents.
Virtual Server Agents, multiple database types, NAS ….

I can see the jobs marked as encrypted in the JobsInStoragePolicyCopy report.

for the VirtualServerAgent, this is only available AFTER the first backup of a VM, because the VMs Client Ressource has to be encryption enabled as well to see the job as encrypted in the JobsInStoragePolicyCopy report.

this results in a procedure : backup a VM; modify VM client resource; delete first backupjob in all copies; redo an initial backup of that VM.
The settings added at the Virtualization Client (vCenter) are not automatically honored for the content (VMs).

and since I still think, that encryption is done after dedupe hash generation, the blocks might not be stored encrypted, if already stored unencrypted in the StoragePolicy through a non encrypted backup of another VM.

Best Regards
Klaus


Forum|alt.badge.img+11
  • Author
  • Byte
  • 87 replies
  • July 22, 2021

unfortunatly my answer was blocked due to content, I’m not aware of.
maybe it will be visible within the next 24hrs


Mike Struening
Vaulter
Forum|alt.badge.img+23

@johanningk , your reply was set to pending.  I’m not sure why just yet, though I approved it.

edit: As I suspected after looking at your post, the word ‘hash’ was flagged….I removed that from the list of suspicious words as it has a valid meaning in IT :nerd:


Mike Struening
Vaulter
Forum|alt.badge.img+23

@johanningk , following up on this (after the blocked reply) to see if you had any further questions.


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings