Configuring Data Encryption on a Client

You can configure encryption on a client to protect data during data protection and recovery operations.

When data encryption is enabled on a client, by default, encryption is enabled on all instances or subclients associated with all the agents installed on the client. The data encryption keys are randomly generated per archive file.

Note: If the NDMP data is directed to a NDMP Remote Server-enabled MediaAgent for data protection or auxiliary copy you can software and hardware encrypt the data. For NDMP data sent directly to a filer-attached library only hardware encryption is supported. Filer direct Hardware encryption requires a third party key management system.


  1. From the CommCell Browser, expand Client Computers.
  2. Right-click the appropriate client, and then click Properties.
  3. From the Client Computer Properties dialog box, click Advanced.
  4. In the Advanced Client Properties dialog box, on the Encryption tab, specify one of the following settings:
    • To encrypt data according to the settings in the storage policy copy, click Use Storage Policy Settings. (This option is applicable for non NAS clients.)
    • To use specific encryption type for this client backups, select Encrypt data with following settings and then select the following:
      • Under Data Encryption Algorithm, select the following:
        1. From the Cipher list, select appropriate encryption algorithm.

          For information on supported algorithms and key lengths, see Data Encryption Algorithms.

        2. From the Key Length list, select appropriate key length.
      • Under Direct Media Access (External Restore Tools), choose whether to enable or disable the encryption keys store:
        • To enable the encryption keys store on the media, select Via Media Password.
        • To disable the encryption keys store on the media, select No Access.
    • To transfer data without encryption, select Do not encrypt.

    For detailed information, see Advanced Client Properties - Encryption.

  5. Click OK.