AIR and encryption

Gstrouth · ‎03-31-2014

With the Auto Image Replication feature is there a way to encrypt the data when its replicated and also on the remote site location but not in the main datacenter?

SymTerry · ‎03-31-2014

The transport portion of AIR is encrypted. It is then decrypted at the destination side and written to disk. There is really no way to configure that.

Nicolai · ‎04-01-2014

You can enable MSDP encryption per client - the procedure is documented in the Netbackup deduplication guide.

http://www.symantec.com/docs/DOC6466

Page 97 - Enabling MSDP encryption.

Quote from documentation:

The following is the behavior for the encryption that occurs during the deduplication
process:
■ If you enable encryption on a client that deduplicates its own data, the client
encrypts the data before it sends it to the storage server. The data remains
encrypted on the storage.
Data also is transferred from the client over a Secure Sockets Layer to the server
regardless of whether or not the data is encrypted. Therefore, data transfer from
the clients that do not deduplicate their own data is also protected.
■ If you enable encryption on a load balancing server, the load balancing server
encrypts the data. It remains encrypted on storage.
■ If you enable encryption on the storage server, the storage server encrypts the
data. It remains encrypted on storage. If the data is already encrypted, the
storage server does not encrypt it.

According to this blog, traffic in-transit is encrypted using SSL per default.

https://www-secure.symantec.com/connect/blogs/power-netbackup-deduplication-distributed-processing-and-secure-backup-streams

Gstrouth · ‎04-01-2014

So I can just enable it on my target replication host and everything would be imported and encrypted?

Nicolai · ‎04-02-2014

As I read the quote above from the manual, it imply so.

Since this is a AIR replication and not MSDP duplication, may move the barrier of what possible.

VOX

AIR and encryption