Enabling encryption in a deduplication folder

Article:TECH124682  |  Created: 2010-01-10  |  Updated: 2012-01-25  |  Article URL http://www.symantec.com/docs/TECH124682
Article Type
Technical Solution

Product(s)

Environment

Issue



Enabling encryption in a deduplication folder


Solution



Backup Exec does not allow standard software encryption on a job that is being sent to a deduplication folder.  This occurs because data that is encrypted before it reaches the deduplication engine will not deduplicate.  Even if the original data was the same, by the time it has gone through the encryption process, deduplication would be ineffective.

However, encryption can be enabled on the deduplication folder itself by editing the pd.conf file and setting the ENCRYPTION statement to = 1.

This can be set at the media server, agent or both. If set at the agent, you will encrypt the data being sent over the wire if using Direct Access.

This setting will encrypt the data with in the deduplication folder.

Note: If you have access to the media server, you could potentially decrypt the data. The encryption is not FIPS compliant as it is using a fixed encryption key.
 


Legacy ID



347112


Article URL http://www.symantec.com/docs/TECH124682


Terms of use for this information are found in Legal Notices