
Dear all, 

I really need your help regarding MSDP encryption. I am confused by everything I have read on the subject.

What are my options to encrypt my deduplicated data on MSDP?

We have a NetBackup appliance 8.1.1. I understand that I have two options:

MSDP native encryption:

- Backup encryption: For backups, the deduplication plug-in encrypts the data after it is deduplicated. The MSDP pd.conf file ENCRYPTION parameter controls backup encryption for individual hosts.

- Duplication and replication encryption: The deduplication plug-in on MSDP servers encrypts the data for transfer. The data is encrypted during transfer from the plug-in to the NetBackup Deduplication Engine on the target storage server and remains encrypted on the target storage.

My questions:

- For MSDP encryption, how does it work? How are keys generated and where are they stored (on the client, in the MSDP catalog, on the file system)? How can these keys be secured?

- We are already backing up data, which means my segments of data are not encrypted. If I activate encryption on my clients, my new segments of data will be encrypted but not the old ones. Am I right? Is there any solution to back up old data?

KMS with MSDP (available since version 8.1.1): I can't find much information on KMS for MSDP encryption. All I know is that it has been possible since version 8.1.1:

KMS should be activated during storage creation, which means that to use KMS and encrypt all my data, I should restart backing up all my data. Can you confirm? Do you have any information on this?

To sum up, I found the documentation really confusing and I really need your help. 

Are you using encryption? What are you using for it?

Thank you so much for helping,