Please enter search query.
Search <product_name> all support & community content...
Article: 100022882
Last Published: 2025-06-30
Ratings: 1 1
Product(s): Backup Exec
Problem
Backup Exec 2010 and newer best practices guide: Software Encryption
Solution
The information in this document is provided as a supplement to the information contained in the Customizing Backup Options > About Encryption section of the Administrator's Guide. For more information regarding the terms and usage used in this document, please refer to the Administrator's Guide.
Encryption keys require a pass phrase, which is similar to a password. Pass phrases are usually longer than passwords and are comprised of several words or groups of text. A good pass phrase is between eight and 128 characters. The minimum number of characters for 128-bit AES encryption is eight. The minimum number of characters for 256-bit AES encryption is 16. Veritas recommends that you use more than the minimum number of characters.
Also, a good pass phrase contains a combination of upper and lower case numbers, letters, and special characters. Literary quotations should be avoided in pass phrases.
A pass phrase can include only printable ASCII characters, which are characters 32 through 126. ASCII character 32 is the space character, which is entered using the space bar on the keyboard. ASCII characters 33 through 126 include the following
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
The following Best Practices will help ensure smooth operations when using Backup Exec:
- Keep the Pass Phrase safe and secure. If there is not a backup of the Backup Exec database and the Pass Phrase is forgotten, data from an encrypted set cannot be restored. If this situation occurs, Veritas will not be able to assist with restoring the encrypted data.
- When using software encryption it is not recommended to use hardware compression. If the data must be both encrypted and compressed and hardware encryption is not available, it is recommended to use software compression. When using software compression the data is compressed first and then encrypted. When using software encryption with hardware compression, the data is encrypted first and then compressed. Encrypted data does not compress well because the data is randomized. In some cases using hardware compression with software encryption will cause the data to become larger rather than smaller.
- Software compression should be used with software encryption for a backup job. First, Backup Exec compresses the files and then it encrypts them. However, backup jobs will take longer to complete when both software encryption and software compression are used.
Known Limitations:
- Backup sets using Granular Restore Technology (GRT) will not be encrypted when using Backup to Disk (B2D). GRT sets to tape can be encrypted. If the GRT sets must be encrypted on disk then it is recommended to use File System encryption to encrypt the B2D folder. When using File System encryption it is recommended to perform a test restore to make sure sufficient privileges are granted to the logon account to be able to access the encrypted data.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.