You can enable MSDP encryption per client - the procedure is documented in the Netbackup deduplication guide.
Page 97 - Enabling MSDP encryption.
Quote from documentation:
The following is the behavior for the encryption that occurs during the deduplication process: ■ If you enable encryption on a client that deduplicates its own data, the client encrypts the data before it sends it to the storage server. The data remains encrypted on the storage. Data also is transferred from the client over a Secure Sockets Layer to the server regardless of whether or not the data is encrypted. Therefore, data transfer from the clients that do not deduplicate their own data is also protected. ■ If you enable encryption on a load balancing server, the load balancing server encrypts the data. It remains encrypted on storage. ■ If you enable encryption on the storage server, the storage server encrypts the data. It remains encrypted on storage. If the data is already encrypted, the storage server does not encrypt it.
According to this blog, traffic in-transit is encrypted using SSL per default.