Gstrouth
11 years agoLevel 3
AIR and encryption
With the Auto Image Replication feature is there a way to encrypt the data when its replicated and also on the remote site location but not in the main datacenter?
With the Auto Image Replication feature is there a way to encrypt the data when its replicated and also on the remote site location but not in the main datacenter?
The transport portion of AIR is encrypted. It is then decrypted at the destination side and written to disk. There is really no way to configure that.
You can enable MSDP encryption per client - the procedure is documented in the Netbackup deduplication guide.
http://www.symantec.com/docs/DOC6466
Page 97 - Enabling MSDP encryption.
Quote from documentation:
The following is the behavior for the encryption that occurs during the deduplication process: ■ If you enable encryption on a client that deduplicates its own data, the client encrypts the data before it sends it to the storage server. The data remains encrypted on the storage. Data also is transferred from the client over a Secure Sockets Layer to the server regardless of whether or not the data is encrypted. Therefore, data transfer from the clients that do not deduplicate their own data is also protected. ■ If you enable encryption on a load balancing server, the load balancing server encrypts the data. It remains encrypted on storage. ■ If you enable encryption on the storage server, the storage server encrypts the data. It remains encrypted on storage. If the data is already encrypted, the storage server does not encrypt it.
According to this blog, traffic in-transit is encrypted using SSL per default.
https://www-secure.symantec.com/connect/blogs/power-netbackup-deduplication-distributed-processing-and-secure-backup-streams
So I can just enable it on my target replication host and everything would be imported and encrypted?
As I read the quote above from the manual, it imply so.
Since this is a AIR replication and not MSDP duplication, may move the barrier of what possible.