cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Job runtime with Backup Exec 12 and Hardware Encryption

cedwards478
Level 2

‎05-05-2009 10:23 AM

In the past, I had been told by several people that it would take considerably longer for an encrypted backup job to run that it does for an identical job without encrpytion.

I created an encryption key and ran a couple of jobs using Hardware Encrytion last night.  I'm using Backup Exec 12 (with SP3), and an HP MSL4048 LTO4 Tape Library.  Prior to me turning on Hardware Encryption for the jobs, one of them took 5.5 hours and the other took 7.  The Encryption appears to have no effect on the time it takes for the job to complete.  The one that was taking 5.5 hours (without encryption) only took 5 hours, and the one that usually takes 7 hours (without encryption) took about 7.25 hours.

I believe I have confirmed that the tapes are encrypted by attempting to restore a file from one of them and being prompted to enter the Pass Phrase.  Is this enough of a test to confirm that the data on the tapes is actually being encrypted?

Can anyone share their experience with job runtimes with encryption vs. no encryption?

Thanks
0 Kudos
7 REPLIES 7

chicojrman
Level 6

‎05-05-2009 11:32 AM

If you're thinking about encryption you will want to use software compression over hardware compression. In case of software compression it will compress and then encrypt which which is the preferred method because if you encrypt and then compress it will not do as good of a job since the white space is now not visible due to encryption and may cause some issues in restores.
0 Kudos

cedwards478
Level 2

‎05-05-2009 11:40 AM

I'm using Hardware Compression and Hardware Encryption.

chicojrman - are you suggesting that I should be using Software Compression and Hardware Encryption?

Does Symantec have a Best Practices published for this?  I saw one published for Software Encryption, but not Hardware.
0 Kudos

teiva-boy
Level 6

‎05-05-2009 12:28 PM

With hardware encryption, there should be little difference in backup times as there is little overhead to the overall stream of data. Software encryption however is done on the client machine and requires CPU cycles from the host you want to backup with an encrypted stream. Note, that in one case, data is sent over the wire encrypted all the way to the tape. Where as in another encryption happens only at the tape drive with all network traffic not being encrypted(or whatever BE uses by default) For some organizations this is a risk... Now for Software compression, all data is compressed at the client machine and sent over the wire in it's compressed form, thus less bandwidth is used over all. More efficient sure, but again, the cost is CPU cycles on the client machine. If you go to the support site picking your respective product, there are a number of best practice guides for various topics, and I'm sure if you search for compression and/or encryption there are some to read up on.
0 Kudos

cedwards478
Level 2

‎05-05-2009 01:52 PM

teiva-boy,
I was unable to find a best practice related to Hardware Encryption.  Symantec's best practice for Software Encryption does recommend that you also use Software Compression (which i believe is what chicojrman was elluding to above).
I just don't find any recommendation for which form of Compression to use when using Hardware Encryption.

Thanks for confirming everything.
0 Kudos

cedwards478
Level 2

‎05-07-2009 12:02 PM

I'm bumping this thread to the top hoping that someone will be able to clarify.

Is it OK to use both Hardware Compression and Hardware Encryption?
0 Kudos

4tun8
Level 2

‎06-26-2009 08:51 AM

Good point, Teiva...
cheers,
42n8

Some people trust in Iron Mountain. Others do tape encryption

 
 
0 Kudos

arrow_203
Level 4

‎06-26-2009 09:18 AM

http://seer.entsupport.symantec.com/docs/285648.htm

From the paper:

When using encryption it is not recommended to use hardware compression. If the data must be compressed it is recommended to use software compression. When using software compression the data is compressed first then encrypted. When using hardware compression the data is encrypted first then compressed. Encrypted data does not compress well because the data is randomized. In some cases using hardware compression with encryption will cause the data to become bigger rather than smaller.

and

You can use software compression with software encryption for a backup job. First Backup Exec compresses the files, and then encrypts them. However, backup jobs take longer to complete when you use both software encryption and software compression.

Edited to clarify:

As mentioned previously, it depends on your requirements whether you use hardware or software encryption.  If you're pulling data from a remote source to the media server, and need that data encrypted as it travels over the network, then you'll want to use software encryption.  If your requirements only stipulate that you need data encrypted on the tape (for offsite backup, for example), then hardware encryption is a good choice AND your backups will run faster.  Bear in mind that most tape drives support hardware compression, but somewhat fewer models support hardware encryption.
0 Kudos