Data Encryption - Getting Started

Data Encryption can be setup from the following levels:

The following section provides instructions for setting up data encryption from each of these levels:

Client Encryption

To encrypt data during data protection and recovery operations using the CommCell Console, you must configure encryption at the client level. The encryption is automatically configured for all instances and subclients associated with all the agents installed on the client.

  1. From the CommCell Browser, expand Client Computers.
  2. Right-click the appropriate client, and then click Properties.
  3. From the Client Computer Properties for <Client> dialog box, click Advanced.
  4. In the Advanced Client Properties dialog box, click the Encryption tab and then specify the appropriate settings.
    1. Select the Encrypt Data check box.
    2. From the Cipher list, select the encryption algorithm.
    3. From the Key Length box, select a key length.
  5. Click OK and then click OK to close the Client Computer Properties for <Client> dialog box.

Subclient Or Instance Encryption

When you configure data encryption at the client level, all subclient or instance backups are automatically performed using data encryption. You can disable the encryption setting from specific subclients. Additionally, you can also set the encryption settings.

To specify where data encryption must be performed during backups.

  1. From the CommCell Console, expand Client Computer | <Client> | <Agent> | <BackupSet>.
  2. Right-click the appropriate subclient or instance and click Properties.
  3. In the Subclient Properties or Modify Instance Property dialog box, click the Encryption tab and specify the appropriate settings.
    • None

      Disable encryption.

    • Media Only (MediaAgent Side)

      Backup data is transmitted without encryption and then encrypted prior to storage. During restore operation, data is decrypted by the client.

    • Network and Media (Agent Side)

      This is the default option. When enabled, backup data is encrypted before transmission and is stored encrypted on the media. During restore operations, data is decrypted by the client.

    • Network Only (Agent Encrypts, MediaAgent Decrypts)

      Backup data is encrypted for transmission and then decrypted prior to storage on the media. During restore operations, data is encrypted by the MediaAgent and then decrypted in the client.

  4. Click OK.

Storage Policy Copy Encryption

  1. From the CommCell Browser, expand Policies | Storage Policies | <Storage_Policy>.
  2. Right-click the appropriate secondary copy, and then click Properties.
  3. In the Copy Properties dialog box, click the Advanced tab, select the appropriate settings and then click OK.
    1. Click the Encrypt Data check box.
    2. From the Cipher list, select the encryption algorithm.
    3. From the Key Length list, select a key length.

Hardware Encryption

Before enabling hardware encryption, check your hardware specifications to verify that data encryption is supported.

  1. From the CommCell Browser, expand Policies | Storage Policies | <Storage_Policy>.
  2. Right-click the appropriate storage policy copy, and then click Properties.
  3. In the Copy Properties dialog box, click the Data Paths tab, select the appropriate data path, and then click Properties.
  4. In the Data Path Properties dialog box, click the Use Hardware Encryption check box.

    A message appears that tells you that hardware supports data encryption.

  5. Click Yes.
  6. Click OK.