I really need your help regarding MSDP encryption. And I am confused about all what I read on the subject.
What are my options to encrypt my deduplicated data on MSDP ?
We have Netbackup appliance 8.1.1. I understand that I have two options:
MSDP native encryption:
-backup encrypt: For backups, the deduplication plug-in encrypts the data after it is deduplicated.The MSDP pd.conf file ENCRYPTION parameter controls backup encryption for individual hosts
-Duplication and replication encryption :the deduplication plug-in on MSDP servers encrypts the data for transfer. The data is encrypted during transfer from the plug-in to the NetBackup Deduplication Engine on the target storage server and remains encrypted on the target storage.
- For MSDP encryption, how it works ? how keys are generated and where are stored(on the client, in the MSDP catalog? file system ?) How to secure these keys ?
- We are already backuping data. which means my segments of data are not encrypted. If I activate encryption on my clients, my new segments of data will be encrypted but not the old one ? Am I right ? Is there any solution to backup old data ?
KMS with MSDP (available since version 8.1.1): I don't find much information on KMS for MSDP encyption. All I know that it is possible since version 8.1.1 => https://www.veritas.com/support/en_US/doc/25074086-130388296-0/v130236116-130388296
KMS should be activated during the storage creation. Which means to use KMS and encrypt all my data. I shoul restart backuping all my data. Do you confirm ? have you any information on this ?
To sum up, I found the documentation really confusing and I really need your help.
Are you using encryption ? What are using for it ?
Thank you so much for helping,