Our 5230 appliance currently does not encrypt data on the disk. If i select the option from the Web console to start encrypting am I right in saying the only the new data backed up will be encrypted?
Also, would I expext to see slower performance on writing to disk once encryption is enabled?
Solved! Go to Solution.
many thanks for your reply.
When i say enable encryption, I meant enabling it from the Appliance Web Console > Manage > Host > Deduplication > and ticking Encryption.
Is this the same thing your talknig about when changing contentrouter.cfg or pd.conf?
Yes, it is the same. Please take care when enabling encryption as it would potentially (or actually) warp the previously deduplicated content because you're now going to have different hashes for the same content. There was a post on connect about it some time last year if I recall. Make sure you've got enough free space to potentially have your "first" backup run again.
It's not long been implemented so there is plenty of room. Do you think there will be any change with regards to the performance of the writing to disk once the encyption has been swithced on?
I don't have any real world figures on this but if you think about it, the deduplication is hashing the data and keep it in small chunks, encryption would hash the data and usually keep it in original size. I don't think it would slow down much if any.
My understanding of the process might be incorrect and anyone is welcome to explain exactly what happens. Given the aforementioned, I don't really see what the point of encryption is. I suppose its a tick box for auditors :)
I have enabled MSDP encryption on a number of appliaces. I have not noticed any impact and a couple of our systems are fairly heavily loaded. That said I did not benchmark it.
My understanding is only new data will be encrypted. Any data stored prior to enabling the encryption will not be encyprted.
I was told by a knowlegdable pre-sales NBU tech that the impact of on-disk encryption within an appliance is negligible to a degree, to only a few percentage points, because the encryption is performed in hardware by the CPUs.
You're primary concern will be the fact that the first time any old, or any new data, arrives at the appliance then after encryption it will effectively appear to be new data for de-dupe purposes. You need to think about your data volumes. Your first batch of backups may well appearto run slowly. In what appears to be counter-intuitive measure... you may be better placed enabling on-disk encryption within the appliance just before your first round of incremental backups and not just before a round of full backups.