Commvault

Hardware Encryption

For tape drives that support hardware encryption, Commvault® software can enable or disable encryption on the drive and manage the encryption keys. Keys are stored in the CommServe® database. The 'Direct Media Access' option 'Via Media Password' also puts a copy of the keys on the media. The 'No Access' option stores the keys only in the CommServe database.

Commvault software writes data in chunks. Tape media uses 8 GB chunks for index-based backups and 16 GB chunks for database backups. When data protection jobs write to tape media with 'hardware encryption' enabled, each chunk has a separate encryption key seeded by a random number generator and other factors. Generating keys at the chunk level enhances security and greatly reduces the potential for data compromise.
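The following Python model is an added example, not Commvault code: it illustrates per-chunk keys and the two key-storage options described above. The cipher (a SHAKE-256 keystream), the PBKDF2 key wrapping, the 16-byte chunk size and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

CHUNK = 16  # constructed: tiny stand-in for the 8 GB / 16 GB tape chunks

def keystream_xor(key, data):
    # Assumed stand-in for the drive's cipher: XOR with a SHAKE-256 keystream.
    # Safe only because every key here encrypts exactly one message.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def derive_wrap_keys(password, salt):
    # Assumed KDF: PBKDF2 gives one key to encrypt the key list, one to MAC it.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return dk[:32], dk[32:]

def write_job(data, media_password=None):
    """Return (media, database); media_password=None models 'No Access'."""
    media, database = {"chunks": [], "keys": None}, []
    for off in range(0, len(data), CHUNK):
        key = secrets.token_bytes(32)          # fresh random key per chunk
        database.append(key)                   # always kept in the database
        media["chunks"].append(keystream_xor(key, data[off:off + CHUNK]))
    if media_password is not None:             # models 'Via Media Password'
        salt = secrets.token_bytes(16)
        enc_key, mac_key = derive_wrap_keys(media_password, salt)
        wrapped = keystream_xor(enc_key, b"".join(database))
        tag = hmac.new(mac_key, wrapped, "sha256").digest()
        media["keys"] = (salt, wrapped, tag)   # wrapped key copy on the media
    return media, database

def read_with_database(media, database):
    return b"".join(keystream_xor(k, c) for k, c in zip(database, media["chunks"]))

def read_with_password(media, password):
    if media["keys"] is None:
        raise PermissionError("no keys on media; the key database is required")
    salt, wrapped, tag = media["keys"]
    enc_key, mac_key = derive_wrap_keys(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, wrapped, "sha256").digest()):
        raise ValueError("wrong media password")
    blob = keystream_xor(enc_key, wrapped)
    return read_with_database(media, [blob[i:i + 32] for i in range(0, len(blob), 32)])

if __name__ == "__main__":
    media, db = write_job(b"constructed sample payload for three chunks", "pw")
    print(len(db), "chunk keys;", read_with_password(media, "pw"))
```

In this model, media written with no password carries no key material, so losing the key database makes it unreadable, while media written with a password is only as strong as that password.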


To configure hardware encryption

1 - Right-click the storage policy tape copy | Properties.

2 - Select the path to the drives and click Properties.

3 - Enable the use of hardware encryption.

4 - Define if the encryption keys should be stored on the media.


If data has been encrypted using Commvault® software encryption and hardware encryption is also enabled, the data is encrypted twice.



Copyright © 2021 Commvault | All Rights Reserved.