Showing results for 
Search instead for 
Did you mean: 

AIR and encryption

Level 3

With the Auto Image Replication feature is there a way to encrypt the data when its replicated and also on the remote site location but not in the main datacenter?


Level 6
Employee Accredited

The transport portion of AIR is encrypted. It is then decrypted at the destination side and written to disk. There is really no way to configure that. 

Partner    VIP   

You can enable MSDP encryption per client - the procedure is documented in the Netbackup deduplication guide.

Page 97 - Enabling MSDP encryption.

Quote from documentation:

The following is the behavior for the encryption that occurs during the deduplication
■ If you enable encryption on a client that deduplicates its own data, the client
encrypts the data before it sends it to the storage server. The data remains
encrypted on the storage.
Data also is transferred from the client over a Secure Sockets Layer to the server
regardless of whether or not the data is encrypted. Therefore, data transfer from
the clients that do not deduplicate their own data is also protected.
■ If you enable encryption on a load balancing server, the load balancing server
encrypts the data. It remains encrypted on storage.
■ If you enable encryption on the storage server, the storage server encrypts the
data. It remains encrypted on storage. If the data is already encrypted, the
storage server does not encrypt it.

According to this blog, traffic in-transit is encrypted using SSL per default.

Level 3

So I can just enable it on my target replication host and everything would be imported and encrypted?

Partner    VIP   

As I read the quote above from the manual, it imply so.

Since this is a AIR replication and not MSDP duplication, may move the barrier of what possible.