About choosing encryption for a backup
When a backup is started, the server determines from a policy attribute whether the backup should be encrypted. The server then connects to bpcd on the client to initiate the backup and passes the policy attribute on the backup request.
The client compares the policy attribute to the CRYPT_OPTION in the configuration on the client as follows:
- If the policy attribute is yes and CRYPT_OPTION is REQUIRED or ALLOWED, the client performs an encrypted backup.
- If the policy attribute is yes and CRYPT_OPTION is DENIED, the client performs no backup.
- If the policy attribute is no and CRYPT_OPTION is ALLOWED or DENIED, the client performs a non-encrypted backup.
- If the policy attribute is no and CRYPT_OPTION is REQUIRED, the client does not perform the backup.
The following table shows the type of backup that is performed for each condition:
Table: Type of backup performed
| CRYPT_OPTION | Encryption policy attribute is yes | Encryption policy attribute is no |
|---|---|---|
| REQUIRED | Encrypted | None |
| ALLOWED | Encrypted | Non-encrypted |
| DENIED | None | Non-encrypted |
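
The decision rules above can be turned into a pre-flight audit that flags every policy and client pairing that would not produce an encrypted backup. This is an added example, not NetBackup code: it assumes the client configuration is text with `KEY = VALUE` lines, the policy and client names and config contents are constructed, and a missing or conflicting CRYPT_OPTION is reported as `unknown` rather than guessed.

```python
import re

# Decision matrix from the page:
# (policy encryption attribute, client CRYPT_OPTION) -> type of backup performed
OUTCOME = {
    (True, "REQUIRED"): "encrypted",
    (True, "ALLOWED"): "encrypted",
    (True, "DENIED"): "none",
    (False, "REQUIRED"): "none",
    (False, "ALLOWED"): "non-encrypted",
    (False, "DENIED"): "non-encrypted",
}
VALID = {"REQUIRED", "ALLOWED", "DENIED"}

def parse_crypt_option(config_text):
    """Return the CRYPT_OPTION value (upper-cased), or None if it is
    absent, unrecognised, or set to conflicting values."""
    pattern = r"^[ \t]*CRYPT_OPTION[ \t]*=[ \t]*(\S+)[ \t]*$"
    values = {m.group(1).upper() for m in re.finditer(pattern, config_text, re.M)}
    if len(values) == 1 and values <= VALID:
        return values.pop()
    return None

def audit(policies, client_configs):
    """List (policy, client, CRYPT_OPTION, outcome) for every pairing
    whose outcome is anything other than an encrypted backup."""
    findings = []
    for name, (encrypt, clients) in sorted(policies.items()):
        for client in clients:
            option = parse_crypt_option(client_configs.get(client, ""))
            outcome = OUTCOME.get((encrypt, option), "unknown")
            if outcome != "encrypted":
                findings.append((name, client, option, outcome))
    return findings

# Constructed sample data (hypothetical clients and policies)
SAMPLE_CONFIGS = {
    "db01": "SERVER = master01\nCRYPT_OPTION = REQUIRED\n",
    "web01": "SERVER = master01\nCRYPT_OPTION = denied\n",
    "app01": "SERVER = master01\n",  # CRYPT_OPTION not set
}
SAMPLE_POLICIES = {
    "finance_enc": (True, ["db01", "web01"]),
    "general": (False, ["db01", "web01", "app01"]),
}

if __name__ == "__main__":
    for policy, client, option, outcome in audit(SAMPLE_POLICIES, SAMPLE_CONFIGS):
        print(f"{policy:12} {client:6} CRYPT_OPTION={option} -> {outcome}")
```

An outcome of `none` marks a backup that will not run at all, which is a coverage gap as well as an encryption mismatch.
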
See Standard encryption backup process.
See NetBackup standard encryption restore process.