I use TryCrypt to encrypt media I send off site. In BE 2010 I could just create an encrypted volume and mount it. It shows up in Windows as a local disk; transparently to any application. I would create a Disk based device and point to this drive letter and BE would use it. Now it can't; doesn't even see it as available storage unless I leave the space unencrypted. I then have to encryp it after the backup which takes significantly longer. And BE can't mount it except some times by "importing a legacy B2D...."
I know BE can encrypt its own data but I rather use a third party product independent of BE.
Backup Exec 2012 enumerates all disks and disk volumes (drive letters) from Windows using Windows’ Virtual Disk Services API. TrueCrypt volumes do not enumerate as disks or disk volumes via this API. That is why they do not show up in the Configure Storage wizard. TrueCrypt volumes also do not show up in Windows’ Disk Management, which gets its information from the Virtual Disk Services API too.
Backup Exec 2012 will work with Microsoft’s Encrypting File System (EFS) and BitLocker. It also works with PGP Whole Disk Encryption (but not PGP’s “virtual disk” from a file). Those might be alternatives. And as you said, Backup Exec can encrypt the backup sets itself.
It is potentially a bad idea to encrypt the disks that contain your backups with software that is not part of the backup software as this will mean you can't use any form of IDR/ SDR as you would need to install the software to unencrypt somewhere before you can access the data to be restored. and you cannot install this software into the IDR/SDR Win PE environments.
We also may have disabled allowing an encypted volume to be used as a storage target because of possible effects on GRT and DeDuplication operations. Bear in mind that part of the ethos of BE 2012 is to stop configurations from being possible that might adversely affect the ability to backup/restore.
Those are valid points and if I were starting from scratch I would have choosen a different path. It's not a terrible situation because those disks that I now have encrypted in storage won't be needed for a disaster recovery situation so I can mount them on another machine or even a VM and connect them via network.
Regards and thanks for the comments,