Enabling encryption in a deduplication folder

  • Article ID:100000646
  • Modified Date:
  • Product(s):


Enabling encryption in a deduplication folder


Backup Exec does not allow standard software encryption on a job that is being sent to a deduplication folder.  This occurs because data that is encrypted before it reaches the deduplication engine will not deduplicate.  Even if the original data was the same, by the time it has gone through the encryption process, deduplication would be ineffective.

However, encryption can be enabled on the deduplication folder itself by editing the pd.conf file and setting the ENCRYPTION statement to = 1.

This can be set at the media server, agent or both. If set at the agent, you will encrypt the data being sent over the wire if using Direct Access.

This setting will encrypt the data with in the deduplication folder.

Note: If you have access to the media server, you could potentially decrypt the data. The encryption is not FIPS compliant as it is using a fixed encryption key.

Was this content helpful?

Get Support