What kind of performance hit can I expect from encryption?
Software encryption is a CPU intensive operation. However, it does not have perceptible performance impact on backup operations and auxiliary copy operations on the CPUs that have Advanced Encryption Standard instruction set.
Does encryption have an impact on compression when writing to media?
Yes, by using encryption when performing backup operations, you can effectively randomize the data. This means that the compression algorithms will not be as effective when compressing the encrypted data. So, when the data gets written to the media, there will be a noticeable difference in the compression ratio.
Example: A tape with a Native capacity of 110GB which at one time got 190GB compressed may now only get 124GB written to the same tape when using encryption as well.
The amount of data that can be written to tape varies depending on the type of data getting written that is Image files will not be compressed as they are already considered compressed but a TXT file is highly compressible.
Therefore, we recommend that you do not enable hardware compression on encrypted data, as doing so might increase the data size.
Why do encrypted files take longer time to back up?
Encrypted files take longer time to backup due to the processes used to back them up. Encrypted data has to communicate with the software that was used to encrypt the files. This communication happens throughout the backup process. Hence, the backup software has to provide a call back function in a different thread for these encrypted files to be backed up thereby slowing down the backup process.
How does deduplication affect data encryption on secondary copies?
To create a fully encrypted secondary copy of backup data, ensure that the secondary copy is configured for re-encryption.
To explain further, the Data Encryption settings on the secondary copy is, by default, configured to Preserve the encryption mode as in source. Therefore, if the copy is created from an encrypted-deduplicated source, the software automatically encrypts the deduplicated data with the same cipher while performing an auxiliary copy to the secondary copy.
Note: If the source includes unencrypted data – meaning some clients are encrypted while some clients are not encrypted – the encrypted data block may refer to an unencrypted block in the secondary copy. Therefore, some data maybe unencrypted although the job may report that the data was encrypted.
Option 1: To encrypt ALL data in ALL copies:
-
Make sure that all clients are configured to Use the Storage Policy Settings for encryption.
For instructions, see Configuring Data Encryption on a Client.
-
Enable encryption in the Primary copy by selecting the Encrypt Data option with a Data Encryption Algorithm.
For instructions, see Configuring Data Encryption on a Storage Policy Copy.
-
The Data Encryption settings on the secondary copy can use the default Preserve the encryption mode as in source option.
Option 2: To encrypt ALL data in a secondary copy:
-
Make sure that encryption is configured in the secondary copy with the Re-encrypt data using selected cipher option enabled.
For instructions, see Configuring Data Encryption on a Storage Policy Copy.
Does encryption cause an increase in backend storage consumption? What happens if you disable encryption at future point in time?
There is no impact on the size of backup data when you enable or disable encryption.