Frequently Asked Questions (FAQ) for Data Encryption

Table of Contents

What kind of performance hit can I expect from encryption?

Data encryption (software encryption) is a CPU intensive operation and can reduce your backup or auxiliary copy performance by an estimated 40%-50%.

Note: The estimated performance hit is not applicable to deduplicated data as deduplication process discards all duplicate data and only encrypts data blocks that are unique in the entire deduplication database. Hence the performance hit for deduplicated data will be low.

Hardware encryption has a significantly less impact of about 10%.

Does encryption have an impact on compression when writing to media?

Yes, by using encryption when performing backup operations, the data is effectively randomized. This means that the compression algorithms will not be as effective when compressing the encrypted data. So when this data gets written to media there will be a noticeable difference in the compression ratio.

Example: A tape with a Native capacity of 110GB which at one time got 190GB compressed may now only get 124GB written to the same tape when using encryption as well.

The amount of data that can be written to tape varies depending on the type of data getting written that is Image files will not be compressed as they are already considered compressed but a TXT file is highly compressible.

Therefore, we recommend that you do not enable hardware compression on encrypted data, as doing so might increase the data size.

Why do encrypted files take longer time to back up?

Encrypted files take longer time to backup due to the processes used to back them up. Encrypted data has to communicate with the software that was used to encrypt the files. This communication happens throughout the backup process. Hence, the backup software has to provide a call back function in a different thread for these encrypted files to be backed up thereby slowing down the backup process.

How does deduplication affect data encryption?

If you are creating a secondary copy from an encrypted-deduplicated source copy, the software automatically decrypts the deduplicated data during the creation of the secondary copy.

To create a fully encrypted secondary copy of backup data, ensure that the secondary copy is configured for re-encryption. For instructions, see Configuring Data Encryption on a Storage Policy Copy.