Encrypting all backups
Performing job-level encryption
The job-level encryption setting is specified in the Backup Advanced Options Set. For more information about creating an Advanced Options Set for a backup job, see the Quest NetVault Administrator’s Guide.
|
1 |
Start the Backup Job Wizard, and open the Advanced Options page. |
|
2 |
Click Additional Options. |
|
3 |
NetVault offers the following methods for creating Secondary Copies:
|
• |
Duplicate: The Duplicate method creates an exact copy which is linked to the original backup. This method breaks down the backup into segments and copies the segments to the storage device. During restore, the segments from the primary backup and secondary copy are interchangeable. As it is not possible to mix unencrypted segments with encrypted segments during restore, you cannot enable or disable encryption for the Duplicate. If the original saveset is encrypted, the Duplicate method creates an encrypted copy. If the original saveset is not encrypted, this method creates an unencrypted copy. |
|
• |
Data Copy: The Data Copy method breaks down the backup into segments and copies the segments to the backup device. During restore, either the primary backup or the secondary copy is used to recover data; the segments from the primary backup and secondary copy are not interchangeable. Therefore, it is possible to enable encryption for the Data Copy when the primary copy is unencrypted. This option is useful when you want to use the deduplication option for primary backups. |
|
1 |
Start the Backup Job Wizard, and open the Advanced Options page. |
|
2 |
Click Secondary Copy. |
|
3 |
|
4 |
Select the Encrypt Secondary Copy Only check box. |
|
Troubleshooting
This section describes some common issues and their solutions. It includes the following topic:
Backups and Restores using AES-256 encryption algorithm are noticeably slower for NetVault Clients version 13.0.1 and 13.0.2 (Enabling non FIPS encryption algorithm on NetVault Clients version 13.0.1 and 13.0.2)
The built-in NetVault Plug-in for Encryption in NetVault 13.0.3 onward includes a FIPS compliant AES-256 option and a non FIPS compliant AES-256 option.
With NetVault 13.0 and earlier, the built-in NetVault Plug-in for Encryption uses an AES-256 encryption algorithm that is non FIPS compliant.
With NetVault 13.0.1, and NetVault 13.0.2 the NetVault Plug-in for Encryption uses an AES-256 encryption algorithm that is FIPS compliant. There is no non FIPS compliant AES-256 option. Backups and restores performed using AES-256 FIPS compliant algorithm are noticeably slower than backups and restores performed using the AES-256 non FIPS compliant encryption algorithm.
With NetVault 13.0.1 and NetVault 13.0.2, backups and restores are noticeably slower with the AES256 encryption option set. The built-in NetVault Plug-in for Encryption is set to use a FIPS compliant AES-256 algorithm.
If FIPS compliance is not a requirement for your backups, and you would prefer to use non FIPS compliant AES-256 algorithm in the benefit of backup speeds, then you can modify NetVault Plug-in for Encryption to use a non FIPS compliant AES-256 encryption algorithm. For each NetVault Client for which you want to use the non FIPS compliant AES-256 encryption algorithm, completethe following steps.
|
3 |
Use a text editor to edit the NetVault config file encryption.cfg |
|
4 |
|
7 |
After saving the changes in the NetVault encryption.cfg config file, restart NetVault services on the NetVault Client |