You can configure encryption on a storage policy to encrypt data during data protection operations.
Note: When you enable encryption on a storage policy, the software encrypts the data before writing it to the media and stores the keys in the CommServe database. If the media is misplaced, recovery of the data without the CommServe database is impossible.
The following table describes how you can configure encryption for a storage policy.
Copy Type |
Options to Configure Encryption |
Considerations |
---|---|---|
Primary copy of a storage policy, a global deduplication storage policy or a global secondary copy policy |
You can enable encryption for a storage policy copy by default. For instructions, see Configuring Global Level Software Encryption Settings. You can configure encryption during or after creation of a storage policy. For instructions, see Configuring Software Encryption on a Primary Copy. |
|
Primary copy of a storage policy associated with a global deduplication storage policy |
Review the following:
For instructions, see Configuring Software Encryption on a Primary Copy. |
You can override the settings only if the CommServe is upgraded from a previous version or the global deduplication policy was created on previous service pack. After you choose not to override the settings, you cannot again override the settings. |
Secondary copy |
You can use any of the following options to configure encryption on a secondary copy:
For instructions, see Configuring Software Encryption on a Secondary Copy. |
You cannot select the Preserve encryption mode as in source option for a non-deduplicated copy that contains partially copied jobs. If you selected the Encrypt on network using selected cipher option for a secondary copy, promoted the copy as primary copy and later made it as a secondary copy again, then the option is disabled for the copy. |
Secondary copy of a storage policy associated with a global deduplication policy |
Review the following:
For instructions, see Configuring Software Encryption on a Secondary Copy. |
You can override the settings only if the CommServe is upgraded from a previous version or the global deduplication policy was created on previous service pack. After you choose not to override the settings, you cannot again override the settings. You cannot select Store plain text option. |
Secondary copy of a storage policy associated with a global secondary copy policy |
Review the following:
For instructions, see Configuring Software Encryption on a Secondary Copy. |