The mode of key lifecycle management as either static or internal. | |
A global mode of key management in which a fixed key is used to encrypt all data. | |
• |
Performance Impacts — Encryption should have minimal to zero impact on both backup and restore workflows. |
It should also have no impact on the replication workflows.
• |
Replication — Encryption must be enabled on both the source and target DR Series systems to store encrypted data on the systems. This means that encrypted data on the source does not automatically imply that when it is replicated to the target it will be encrypted unless encryption is explicitly turned ‘ON’ on the target DR Series system. |
• |
Seeding — Encryption must be enabled on both the source and target DR Series systems to store encrypted data on the systems. If seeding is configured for encryption, then the data will be re-encrypted and stored. When the data stream is imported onto the target from the seed device, the stream will be encrypted as per the target policy and stored. |
• |
Security Considerations for Passphrase and Key Management — |
Encryption is set at the storage group level.
4. |
Encryption of pre-existing data. Any pre-existing data will also be encrypted using the currently set mode of key management. This encryption occurs as part of the system cleaner process. Encryption is scheduled as the last action item in the cleaner workflow. You must launch the cleaner manually using the maintenance command to reclaim space. It then encrypts all pre-existing unencrypted data. The cleaner can also be scheduled as per the existing pre-defined cleaner schedule. |
Refer to the DR Series System Command Line Interface Reference Guide for information about the CLI commands used for encryption.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center