+11When encryption is enabled on storage-policy or client or sub-client :
Does the data is encrypted on source clients and then encrypted data is transferred on network and stored as it is in backup library OR the unencrypted data is transferred over network and encryption happens at media agent side before storing the data in library .
Best answer by Mike Struening RETIRED
Hey
Much of it is spelled out here:
https://documentation.commvault.com/11.25/expert/7764_software_encryption.html
Depending on what you have set, you are either encrypting before the data is sent over the network, on the medias itself, or both.
Software encryption can be configured at the following levels:
Encryption on client allows you to select which encryption cipher to use and where keys are stored. Encryption keys are stored in the CommServe database and optionally on the media itself.
Encryption on subclient allows users to select if and where encryption is performed for the subclient data.
Replication Set (for ContinuousDataReplicator)
Encryption on replication set allows you to protect replicated data as it transits the network.
Storage Policy Copy (for backups and auxiliary copy operation)
Encryption on primary copy allows you to select which encryption cipher to use and where keys are stored for all the clients/subclients associated with it.
Encryption data during auxiliary copy operations allows backup operations to run without the processing overhead of encryption. Encryption performed during an auxiliary copy operation is performed at the source MediaAgent. This provides transmission path security.
Decryption of the encrypted data will occur:
At the client during restore
On the source MediaAgent during synthetic full (decrypted or re-encrypted automatically)
On the source MediaAgent during auxiliary copy of deduplicated data (re-encryption on the source MediaAgent is an option requiring the auxiliary encryption license)
On the source MediaAgent during auxiliary copy if re-encryption is selected. (decrypted then re-encrypted with select algorithm)
+23Hey
Much of it is spelled out here:
https://documentation.commvault.com/11.25/expert/7764_software_encryption.html
Depending on what you have set, you are either encrypting before the data is sent over the network, on the medias itself, or both.
Software encryption can be configured at the following levels:
Encryption on client allows you to select which encryption cipher to use and where keys are stored. Encryption keys are stored in the CommServe database and optionally on the media itself.
Encryption on subclient allows users to select if and where encryption is performed for the subclient data.
Replication Set (for ContinuousDataReplicator)
Encryption on replication set allows you to protect replicated data as it transits the network.
Storage Policy Copy (for backups and auxiliary copy operation)
Encryption on primary copy allows you to select which encryption cipher to use and where keys are stored for all the clients/subclients associated with it.
Encryption data during auxiliary copy operations allows backup operations to run without the processing overhead of encryption. Encryption performed during an auxiliary copy operation is performed at the source MediaAgent. This provides transmission path security.
Decryption of the encrypted data will occur:
At the client during restore
On the source MediaAgent during synthetic full (decrypted or re-encrypted automatically)
On the source MediaAgent during auxiliary copy of deduplicated data (re-encryption on the source MediaAgent is an option requiring the auxiliary encryption license)
On the source MediaAgent during auxiliary copy if re-encryption is selected. (decrypted then re-encrypted with select algorithm)
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
