I'm currently testing different solutions to choose the right storage, Data Domain dedup is awesome but as soon as I enable backup encryption it's a drama
I'm afraid that using a "partner solution" didn't support this critical feature, for us as a cloud/service provider it's totaly unthinkable to let the datas unencrypted...
Cloud/service provider, how do you handle this ?
As Data Domain will be totally useless for us, what kind of storage are you using ? We will not use something like Synology, Qnap, ... as they don't have an efficient enterprise support.
Hi Julien, do you mean encryption at rest or in transit? Note that you can save unencrypted data on Data Domain for higher dedupe rates (and then use Data Domain native encryption, if required).
I want to protect the backup datas if unauthorized user gets access to backup files outside of the backup infrastructure. (Password protectd backup file)
I know this is an old thread but how is the option Enable DD boost encryption in Veeam Reporistory handled together with DD Boos native "at-rest" encryption, will it effect dedup ratios?
In the Veeam Backup Repository, the "Enable DDBoost Encryption" option only affects in-flight network traffic to the Data Domain. Different Veeam repositories on the same Data Domain could use different DDBoost Encryption settings. Internally on the Data Domain, different clients can also be configured to use different in-flight encryption levels.
Once the data has been received (and possibly decrypted if in-flight encryption was used), the deduplication algorithm gets to work and writes out new blocks of data to disk.
Data Domain native "at rest" encryption affects how these new blocks of data are stored on the disks. At-rest encryption causes each block of deduped and compressed data to be also encrypted when it's stored on the disks within the Data Domain. This is a global setting on the whole Data Domain appliance and affects all data written to disk.
Neither of these options make any bit of difference to how well the Data Domain dedup works regarding dedup ratio. There's a little extra work to be done when encryption / decryption is enabled, but unlikely to be noticeable.
There is one Veeam option that can affect Data Domain dedup ratios, and that's in the Repository settings. It's the "Decompress backup data blocks before storing" option. It's description explains it well: "VM data is compressed by backup proxy according to the backup job compression settings to minimize LAN traffic. Uncompressing the data before storing allows for achieving better deduplication ratio on most deduplicating storage appliances at the cost of backup performance". Leave this option ticked if using a Data Domain.
This is a good thread with some good info but I'm not sure this question was answered: If you only use the DDBoost and DD encryption at rest (no veeam file encryption) are the backup files readable if someone can get to the share in the DD and copy those files elsewhere? Could they be copied out of the DD share and imported into another BnR?
