NetBackup 7.1 Deduplication with Encryption
I was going through the NetBackup documentation on deduplication for 7.1 (Netbackup_Dedupe_Guide.pdf) and I'm looking for the behavior of encrypted data going from the deduplication pool to tape. According to the documentation:
The following is the behavior for the encryption that occurs during the
■ If you enable encryption on a client that deduplicates its own data, the client
encrypts the data before it sends it to the storage server. The data remains
encrypted on the storage.
Data also is transferred from the client over a Secure Sockets Layer to the
server regardless of whether or not the data is encrypted. Therefore, data
transfer from the clients that do not deduplicate their own data is also
■ If you enable encryption on a load balancing server, the load balancing server
encrypts the data. It remains encrypted on storage.
■ If you enable encryption on the storage server, the storage server encrypts
the data. It remains encrypted on storage. If the data is already encrypted, the
storage server does not encrypt it.
Now, it sounds like if I encrypt before going to the deduplication pool, I will have encrypted data if I duplicate that image onto tape (either via SLP or Vault). However, if I enable encryption on the storage server, it says that the storage server encrypts the data and it "remains encrypted on the storage." But what happens if I copy the data to tape via SLP or a Vault? Will it remain encrypted? I want to ensure that my offsite tapes will be encrypted.