cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Backup Exec encrypting data that is already encrypted

Go to solution
longryder
Level 3
Partner Certified

‎05-21-2013 04:33 AM

Hi,

Does anyone have any experience of encrypting data with BE2012 software encryption that has already been encrypted with another peice of encryption software (TrueCrypt) ?

I have a functional request for this within Backup Exec 2012 but I'm not convinced that it is a good idea to be layering multi-level encryption, or indeed if it is possible ?

Any thoughts opinions greatly received.

 

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

‎05-21-2013 06:01 AM

Having had a quick look at the website for TrueCrypt - I don't think you will be encrypting twice.

This is because it looks like TrueCrypt is intended to be transarent to both users and services that might run in the operating system. As such BE will be reading the files one at a time as if they are not encrypted as we are dynamically reading via the filter driver that decrypts the files on the fly.

As such if you do not turn on BE encryption then you will almost certainly be in the odd position of the source being encrypted but the backup media not.

A few points to think about however

1) Do no encrypt a volume containing a Backup Exec Deduplication Storage Folder

2) Probably not a good idea to encrypt a volume containing a Disk Storage Device either

3) We do not test BE protecting TrueCrypt so any assistenace from Symantec Support might be 'reasonable busienss efforts only'

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
CraigV
Moderator
Moderator
Partner    VIP    Accredited

‎05-21-2013 04:59 AM

Hi,

 

To be honest I wouldn't do this...lose 1 encryption key and you're dead in the water. Also, you need to take into account any issues you might run into when backing up that data.

Thanks!

0 Kudos

Go to solution
Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

‎05-21-2013 06:01 AM

Having had a quick look at the website for TrueCrypt - I don't think you will be encrypting twice.

This is because it looks like TrueCrypt is intended to be transarent to both users and services that might run in the operating system. As such BE will be reading the files one at a time as if they are not encrypted as we are dynamically reading via the filter driver that decrypts the files on the fly.

As such if you do not turn on BE encryption then you will almost certainly be in the odd position of the source being encrypted but the backup media not.

A few points to think about however

1) Do no encrypt a volume containing a Backup Exec Deduplication Storage Folder

2) Probably not a good idea to encrypt a volume containing a Disk Storage Device either

3) We do not test BE protecting TrueCrypt so any assistenace from Symantec Support might be 'reasonable busienss efforts only'

0 Kudos

Go to solution
longryder
Level 3
Partner Certified

‎05-21-2013 12:02 PM

Colin / Craig,

Thanks for your comments. I agree that it is less than ideal to have two encryption keys to manage.

I guess with "encrption on the fly" the Backup Exec services will read the data in the same manner as if it were not encrypted. However if the data is "encrypted at rest" then there is little likelihood of BUE being able to read the data to begin with and therefore a non-starter.

Thanks again for your opinions

0 Kudos