Configuring Software Encryption on a Primary Copy

You can configure data encryption on a primary copy.

Procedure

  1. From the CommCell Browser, expand Policies > Storage Policies > storage_policy.

  2. Right-click the appropriate storage policy copy, and then click Properties.

    The Storage Policy Copy Properties dialog box appears.

  3. On the Advanced tab, select the Encrypt Data check box.

  4. Under Data Encryption Algorithm, select the following:

    • From the Cipher list, select appropriate encryption algorithm.

    • From the Key Length list, select appropriate key length.

    If you change the algorithm anytime, the software uses new algorithm to encrypt new backup data. If the policy is a global policy, then the software uses new algorithm to encrypt new backup data. Also, the algorithm change is applicable to existing and new storage policy copies that are dependent on the global policy.

  5. Under Direct Media Access (External Restore Tools), select whether to enable or disable the encryption keys store:

    • To enable the encryption keys store on the media, select Via Media Password.

    • To disable the encryption keys store on the media, select No Access.

      Note

      For a CommServe Disaster Recovery storage policy, the Via Media Password is the default option and you cannot change the option. The DR backups require the keys store on the media.

  6. To associate the copy to a third-party key management server, under Third Party Encryption, select the Select a Key Management Server check box, and then select a key management server from the list:

    Notes:

    • You can also change the association from one third-party to another third-party key management server. When you change the key management server, the software automatically decrypts the keys stored in the CommServe database with the old server key and encrypts the keys again using the new server key. The backups that already exist and the new backups use only the new server key.

    • To change the association from a third-party key management server to the default Commvault server, contact your software provider to get an authorization code to perform the operation.

      For instructions, see Associating Storage Policy Copies to a Key Management Server.

    For detailed information, see Copy Properties Advanced.

  7. Click OK.

What to Do Next

To prevent the encryption settings from being accidentally altered by users once it is established, enable the Prevent changes to software encryption settings option at global level. For more information, see Configuring Global Level Software Encryption Settings.

Loading...