Encryption Documentation

Last post 01-29-2020, 7:29 AM by Guy Heaton. 4 replies.
Sort Posts: Previous Next
  • Encryption Documentation
    Posted: 01-21-2020, 7:21 AM


    as our organization is ISO certified we have internal and external audits on regular terms. 

    In case of security aspects there are questions about backup encryption as well as backup path encryption.

    I have already found the docs about the backup encryption itself and how to configure it. But I didn't find anything about the backup path encryption. 

    We have Red Hat Virtualization in use - so there are VSA Proxy-VMs running on our infrastructure running and one specific audit question would be if the transfer of the backups between the VSA's and the media agent as well as between the media agent and the CIFS Shares on the backup target are encrypted.

    Since the backup target is in our case a simple network share Commvault has nothing to do with encryption on this part. So there's still the question left if the first part of the communication is encrypted or if and how the encryption can be activated...and where these options are documented.

    Thanks for your help!


  • Re: Encryption Documentation
    Posted: 01-21-2020, 9:08 AM
    • efg is not online. Last active: 03-24-2020, 6:10 PM efg
    • Top 10 Contributor
    • Joined on 02-02-2010
    • CommVault Tinton Falls NJ
    • Master
    • Points 1,720

    Please take a look in the documentation here: 

    Encrypting Backup Data

    Software Encryption

    Configuring Software Encryption

    Let us know if this helps.

    Ernst F. Graeler
    Senior Engineer III
  • Re: Encryption Documentation
    Posted: 01-21-2020, 10:21 AM

    Hello Markus,

    For HyperVisors you need to consider the tranport mode.  Depending on what transport mode you are using, the exposure level is different.  If you use a tranport mode such as Hotadd, the datastore will mount to the vm proxy.  If the Proxy is also a media agent, then we will encrypt at the source (ma/proxy) to the library...thus end to end encryption using Commvault.

    I hope that makes sense.  Go through the transport mode documentaiton and let me know if you have questions:


  • Re: Encryption Documentation
    Posted: 01-21-2020, 11:01 AM

    Thanks - this was the thing I was looking for: 


  • Re: Encryption Documentation
    Posted: 01-29-2020, 7:29 AM

    Setting encryption globally from Control panel, System will filter down to every SP copy and every subclient.


The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Copyright © 2020 Commvault | All Rights Reserved. | Legal | Privacy Policy