Ayuda de vídeo de Screencast

Backup Exec encrypting data that is already encrypted

Created: 21 Mayo 2013 | 3 comments
el cuadro de los longryder


Does anyone have any experience of encrypting data with BE2012 software encryption that has already been encrypted with another peice of encryption software (TrueCrypt) ?

I have a functional request for this within Backup Exec 2012 but I'm not convinced that it is a good idea to be layering multi-level encryption, or indeed if it is possible ?

Any thoughts opinions greatly received.

Operating Systems:

Comentarios ComentariosIr al último comentario

el cuadro de los CraigV


To be honest I wouldn't do this...lose 1 encryption key and you're dead in the water. Also, you need to take into account any issues you might run into when backing up that data.


Alternative ways to access Backup Exec Technical Support:


el cuadro de los Colin Weaver

Having had a quick look at the website for TrueCrypt - I don't think you will be encrypting twice.

This is because it looks like TrueCrypt is intended to be transarent to both users and services that might run in the operating system. As such BE will be reading the files one at a time as if they are not encrypted as we are dynamically reading via the filter driver that decrypts the files on the fly.

As such if you do not turn on BE encryption then you will almost certainly be in the odd position of the source being encrypted but the backup media not.

A few points to think about however

1) Do no encrypt a volume containing a Backup Exec Deduplication Storage Folder

2) Probably not a good idea to encrypt a volume containing a Disk Storage Device either

3) We do not test BE protecting TrueCrypt so any assistenace from Symantec Support might be 'reasonable busienss efforts only'

el cuadro de los longryder

Colin / Craig,

Thanks for your comments. I agree that it is less than ideal to have two encryption keys to manage.

I guess with "encrption on the fly" the Backup Exec services will read the data in the same manner as if it were not encrypted. However if the data is "encrypted at rest" then there is little likelihood of BUE being able to read the data to begin with and therefore a non-starter.

Thanks again for your opinions