Forum Discussion

InsentraCameron's avatar
10 years ago

DLO 7.6 - Deduplication Storage Location Encryption

Hello,

I have a customer who is backing executive desktops. The proposed solution will be backed up to deduplication storage locations.

The security admin has concerns around the encryption used while the backup data is in transit and while is is stored on the deduplication storage locations.

The administration guide does not provide a lot of information about how the deduplication storage locations are encrypted.

  1. Can I confirm that all the data is backed up with one key?
  2. Does the encryption of the data affect the performance of the deduplication storage locations?
  3. Does the encryption decrease the effectiveness of deduplication?

Cheers,

Cameron

  • Hi,

    Please find the response to the queries:

    1. The data in the dedupe storage locations is encrypted using standing encryption algorithms like AES 256 (default), AES 128 and DES. Each chunk is encrypted using a unique key and hence it isn’t a broader level one key encryption.
    2. Encryption does not affect the performance of the dedupe storage locations. Encryption only imposes a marginal performance overhead (less than 3% of total backup time) in the endpoints. The actual size of the data written to/read from the dedupe storage location depends on the amount of compression achieved.
    3. No, it does not. The deduplication is done on the actual source data which then undergoes encryption.

    Thanks,

    Santosh

  • Hi,

    Please find the response to the queries:

    1. The data in the dedupe storage locations is encrypted using standing encryption algorithms like AES 256 (default), AES 128 and DES. Each chunk is encrypted using a unique key and hence it isn’t a broader level one key encryption.
    2. Encryption does not affect the performance of the dedupe storage locations. Encryption only imposes a marginal performance overhead (less than 3% of total backup time) in the endpoints. The actual size of the data written to/read from the dedupe storage location depends on the amount of compression achieved.
    3. No, it does not. The deduplication is done on the actual source data which then undergoes encryption.

    Thanks,

    Santosh