Forum Discussion

  • The transport portion of AIR is encrypted. It is then decrypted at the destination side and written to disk. There is really no way to configure that. 

  • You can enable MSDP encryption per client - the procedure is documented in the Netbackup deduplication guide.

    http://www.symantec.com/docs/DOC6466

    Page 97 - Enabling MSDP encryption.

    Quote from documentation:

    The following is the behavior for the encryption that occurs during the deduplication
    process:
    ■ If you enable encryption on a client that deduplicates its own data, the client
    encrypts the data before it sends it to the storage server. The data remains
    encrypted on the storage.
    Data also is transferred from the client over a Secure Sockets Layer to the server
    regardless of whether or not the data is encrypted. Therefore, data transfer from
    the clients that do not deduplicate their own data is also protected.
    ■ If you enable encryption on a load balancing server, the load balancing server
    encrypts the data. It remains encrypted on storage.
    ■ If you enable encryption on the storage server, the storage server encrypts the
    data. It remains encrypted on storage. If the data is already encrypted, the
    storage server does not encrypt it.

    According to this blog, traffic in-transit is encrypted using SSL per default.

    https://www-secure.symantec.com/connect/blogs/power-netbackup-deduplication-distributed-processing-and-secure-backup-streams

  • So I can just enable it on my target replication host and everything would be imported and encrypted?

  • As I read the quote above from the manual, it imply so.

    Since this is a AIR replication and not MSDP duplication, may move the barrier of what possible.