none
DPM backup encryption RRS feed

  • Question

  • Hello

    I'm just wondering if DPM 2010/2012 encrypts the disk backups? The tape backups are encrypted by the HP MSL library.

    Regards

    Pavit


    Pavit Bhutani

    Monday, July 29, 2013 10:35 AM

Answers

  • Hi,

    DPM data encryption for short term backup data at rest on the replica can only be accomplished in one or two ways:

     

    1. Use NTFS encryption on the protected data source on the protected server.  DPM will also store it encrypted.
    2. Use a San that support hardware data encryption.  DPM will not be aware that the replica file data is encrypted.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, July 30, 2013 3:13 AM
    Moderator

All replies

  • Hi,

    DPM data encryption for short term backup data at rest on the replica can only be accomplished in one or two ways:

     

    1. Use NTFS encryption on the protected data source on the protected server.  DPM will also store it encrypted.
    2. Use a San that support hardware data encryption.  DPM will not be aware that the replica file data is encrypted.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Tuesday, July 30, 2013 3:13 AM
    Moderator
  • Hi,  if DPM does not know if/that the replica data is encrypted then how does it have he ability to restore individual files, etc.?
    Friday, October 21, 2016 7:17 PM
  • Hi,

    Assuming you are referring to SAN hardware encryption.  Much like bitlocker, the encryption is done at the block level and not the file  system level, so any file reads by DPM are decrypted by the SAN hardware before passing the data up the stack.   DPM only receives decrypted data from the file read request.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, October 21, 2016 7:31 PM
    Moderator
  • I know this is a dead thread but Google is serving it up for people asking about encrypting DPM backups and I have found a better solution: run DPM in a VM and then bitlocker the hosts volumes.

    I know, I know, it is absurd that in 2019 Microsoft don't allow you to keep your data encrypted when at rest but at least this seems to work.

    Sunday, May 19, 2019 9:35 PM