After installing the NVBU Encryption Plugin on a client (CAST-128, CAST-256, or AES-256), backups are unexpectedly slower than usual.
In some cases the performance drop is drastic.
If Encryption is disabled the backups return to normal speed.
NVBU encryption is done locally on the backed up client.
The backup stream is encrypted and sent to the targeted device.
Enabling encryption will inevitably create a bottleneck in the backup stream , as an additional processing layer is introduced.
The additional processing impact can vary based on the CPU performance and architecture, but also based on the encryption algorithm selected:
- During Encryption many bit swapping operations are performed. These operations are known to be very slow on Big-Endian CPUs.
Examples of big-endian architectures are PowerPC (AIX, MAC...) and SPARC (Solaris).
Intel based CPUs seem to be better at processing these bit swapping operations than other CPUs.
- Additionally if Advanced Encryption Algorithms such as CAST256 or AES256, are selected, it would logically take more time to encrypt a stream than with CAST-128 algorithm.
Unless a CPU upgrade is considered, one can off-load the encryption process from the clients to the NVBU server or a SmartClient, as part of Secondary Copies.
Encryption on secondary copies can only be done using the Datacopy method (not the Duplication method).
IMPORTANT:
- Datacopies produce independent copies of your backups which means you cannot perform datacopies of incremental backups for the moment, only for full backups.
- Duplications however, can produce secondary copies of incrementals but cannot be encrypted.
If performing encryption on the NVBU server or a SmartClient is considered, the following conditions must be met:
1- Install the NVBU Encryption plugin(s) on the NVBU Server
2- Install the NVBU Encryption license on the NVBU Server
3- Configure encryption on the NVBU nvconfigurator > "Encryption" tab
> Supply an "Encryptio Key String" (password)
> Select the relevant encryption module from the "Available Encryption Algorithms" pull-down menu
> Click Apply
4- Configure the affected client backups to produce encrypted secondary copies:
> Advanced Options tab, select "Create Secondary Copy"
> Select "Data Copy"
> Select "Encrypt Secondary copy Only"
> Save the job
This way the initial backup from the client to the targeted device will be unencrypted and will take less time to transfer.
The Encryption phase will then be moved to the NVBU server while a secondary copy is created to tape (or other device).
