Chat now with support
Chat with Support

NetVault 13.2 - Built-in Plug-ins User Guide

Encrypting all backups

If encryption is enabled for all backups performed from a particular NetVault Client, there are no additional requirements for encrypting backups. For more information about the backup and restore procedures, see the user’s guide for the relevant plug-in.

Performing job-level encryption

The job-level encryption option can be used to encrypt the primary backup, secondary copy, or both. Encrypting both the primary backup and secondary copy is beneficial when security requirements dictate that the backup must be encrypted while it transfers across the network or while it is stored on a disk-based backup device even if the disk-based backup device is located within the corporate network.

The job-level encryption setting is specified in the Backup Advanced Options Set. For more information about creating an Advanced Options Set for a backup job, see the Quest NetVault Administrator’s Guide.

For more information, see the Quest NetVault Administrator’s Guide.
2
Click Additional Options.
3
In the Additional Options dialog box, select the Enable Encryption check box.

NetVault offers the following methods for creating Secondary Copies:

Duplicate: The Duplicate method creates an exact copy which is linked to the original backup. This method breaks down the backup into segments and copies the segments to the storage device. During restore, the segments from the primary backup and secondary copy are interchangeable. As it is not possible to mix unencrypted segments with encrypted segments during restore, you cannot enable or disable encryption for the Duplicate. If the original saveset is encrypted, the Duplicate method creates an encrypted copy. If the original saveset is not encrypted, this method creates an unencrypted copy.
Data Copy: The Data Copy method breaks down the backup into segments and copies the segments to the backup device. During restore, either the primary backup or the secondary copy is used to recover data; the segments from the primary backup and secondary copy are not interchangeable. Therefore, it is possible to enable encryption for the Data Copy when the primary copy is unencrypted. This option is useful when you want to use the deduplication option for primary backups.
For more information, see the Quest NetVault Administrator’s Guide.
2
Click Secondary Copy.
3
In the Secondary Copy dialog box, select the Create Secondary Copy check box.
4
Select the Encrypt Secondary Copy Only check box.
IMPORTANT:  
If the primary copy is encrypted, the Data Copy method automatically creates an encrypted saveset whether you select the Encrypt Secondary Copy Only check box or not. Therefore, this option is only useful when you want to create an encrypted secondary copy from an unencrypted primary copy.
Encrypted primary backups are not encrypted again if you select the Encrypt Secondary Copy Only check box for a Data Copy.

Troubleshooting

This section describes some common issues and their solutions. It includes the following topic:

Backups and Restores using AES-256 encryption algorithm are noticeably slower for NetVault Clients version 13.0.1 and 13.0.2 (Enabling non FIPS encryption algorithm on NetVault Clients version 13.0.1 and 13.0.2)

The built-in NetVault Plug-in for Encryption in NetVault 13.0.3 onward includes a FIPS compliant AES-256 option and a non FIPS compliant AES-256 option.

With NetVault 13.0 and earlier, the built-in NetVault Plug-in for Encryption uses an AES-256 encryption algorithm that is non FIPS compliant.

With NetVault 13.0.1, and NetVault 13.0.2 the NetVault Plug-in for Encryption uses an AES-256 encryption algorithm that is FIPS compliant. There is no non FIPS compliant AES-256 option. Backups and restores performed using AES-256 FIPS compliant algorithm are noticeably slower than backups and restores performed using the AES-256 non FIPS compliant encryption algorithm.

With NetVault 13.0.1 and NetVault 13.0.2, backups and restores are noticeably slower with the AES256 encryption option set. The built-in NetVault Plug-in for Encryption is set to use a FIPS compliant AES-256 algorithm.

If FIPS compliance is not a requirement for your backups, and you would prefer to use non FIPS compliant AES-256 algorithm in the benefit of backup speeds, then you can modify NetVault Plug-in for Encryption to use a non FIPS compliant AES-256 encryption algorithm. For each NetVault Client for which you want to use the non FIPS compliant AES-256 encryption algorithm, completethe following steps.

4
Search for the stanza [Client:Crypto Algorithm], and add an entry for AES256_OLD
7
After saving the changes in the NetVault encryption.cfg config file, restart NetVault services on the NetVault Client
After restarting NetVault services on the Client, NetVault Plug-in for Encryption will be set to use the non FIPS compliant AES-256 encryption algorithm. When modifying encryption options, the algorithm list will let you choose between CAST128, CAST256, AES256 (FIPS compliant), and AES256_OLD (non FIPS compliant).

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating