Forum Discussion

rafanto's avatar
rafanto
Level 5
3 months ago

Activate Data-in-transit encryption

Hello

Please your comments, we have NBU 10.4.0.1, clients have 10.4.0.1/10.2.0.1 agents (in process to upgrade all to 10.4.0.1), on the Global Security we have DTE option as Preferred=OFF.  All clients are with DTE MODE =AUTOMATIC

Our secutity team ask us if we can activate DTE between NBU processes.  Reading the documentation, we can, because all our NBU platform is on 10.2.x/10.4.0.1, but our questions are:

We have a lot of VMware, file server, MSSQL, Oracle backups, what is the impact to activate DTE at this momment? 

  • Performance degradation during backups or restores?
  • Can we restore previous images backups without DTE?
  • If DTE cause some troubles, can we disable without problems to return to normal operation?

Regards!

Rafael

    • Performance degradation during backups or restores?
      Yes, it will result in a performance penalty. How much depends on the system (CPU, memory, etc.). With newer systems I have no trouble at all.

    • Can we restore previous images backups without DTE?
      yes, without any problem.

    • If DTE cause some troubles, can we disable without problems to return to normal operation?
      Yes, you can. It depends on how strict the global policy is, but in general, you can override the global policy.
    • Performance degradation during backups or restores?
      Yes, it will result in a performance penalty. How much depends on the system (CPU, memory, etc.). With newer systems I have no trouble at all.

    • Can we restore previous images backups without DTE?
      yes, without any problem.

    • If DTE cause some troubles, can we disable without problems to return to normal operation?
      Yes, you can. It depends on how strict the global policy is, but in general, you can override the global policy.
    • rafanto's avatar
      rafanto
      Level 5

      Hello,

      We have Flex Appliances instances, we guess tha the resources management on the containers  is the best, at the client side, we have a decent infrastructure :).

      Thank you

      Regards!

      Rafael

  • I think you are better off with encryption at rest,whatever you do , do not enable encryption at multiple levels together.

    cheers.