Video Screencast Help

Encrypted Backup's not encrypting all files

Created: 25 Apr 2012 | 3 comments

Apparently if you use GRT backupexec will not encrypt the data.  So I turn all that off but I still have .DR files showing up.   Should I be concerned about their contents? When I open them with notepad there is ALOT of clear text information.  Are these files critical to keep?   If I delete them do they prevent the "full bare-metal restore/convert to virtual machine"?  

Should I stop using Backup Exec's encryption and encrypt my eSata drives with Truecrypt?  I want the GRT features and these new DR features, but not at the risk of my off site media containing unencrypted files.

Suggestions appreciated.

Comments 3 CommentsJump to latest comment

Colin Weaver's picture

DR files are used by the SDR (or IDR) Processes and I suspect they are not encrypted as they have to be read prior to the phases that handles decryption.

They should contain details of the configuration of the server but no specific end user data.

And yes GRT data sets on a disk system result in unencrypted content within an IMG folder - this is because the content has to be mountable directly via some form of mounter/api relating to the specific product (Vmware, Exchange etc) and these mounter utilities cannot handle decryption.

If you GRT to tape, it should allow encryption but will need a staging area (or a duplicate job phase) as part of the restore so the restore will take longer.

ZacTech's picture

I backup everything to local disk on a RAID, and then duplicate to Esata which Backup Exec 2012 only accecpts as local disk. Would I have to backup up the backup to encrypt the GRT?

When I look at the DR files they contain multiple instances of encryption verbage.  That file does not include the key anywhere does it?  I need to guarantee that file cannot be used to decrypt the associated .bkf. 


arctics's picture

Bumping this as there are some unanswered questions here. 

We are using a backup exec 3600 appliance, with external hard drive archives via duplicate jobs.  These jobs have encryption enabled.  This is news to me that not all data will be encrypted.  Can Symantec please provide some clarity as to specifically what data is left unencrypted, and what measures can be taken to ensure no unencrypted data is backed up?