Avamar Encryption
To provide enhanced security during client/server data transfers, Avamar supports two levels of “in-flight” encryption: Medium and High. The exact encryption technology and bit strength used for any given client/server connection depend on a number of factors, including the client platform and Avamar server version.
You set the default encryption method for client/server data transfers (None, Medium, or High) when you create and edit groups. The group encryption method can also be overridden for a specific client on the Client Properties tab of the Edit Client dialog box, for a specific backup on the On Demand Backup Options dialog box, or for a specific restore on the Restore Options dialog box.
To enable encryption of data in transit, the Avamar server data nodes each require a unique public/private key pair and a signed X.509 certificate that is associated with the public key.
When the Avamar server is installed, a public/private key pair and a self-signed certificate are generated automatically in the /data01/home/admin directory on each Avamar server storage node and in the /usr/local/avamar/etc directory on the utility node. However, because self-signing is not recommended in production environments, you should generate and install a key and signed certificate from either a commercial or private CA.
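The two requirements above (a unique key pair per node, and a CA-signed rather than self-signed certificate) can be checked with the openssl command line. The script below is an added example, not part of the original post or of Avamar itself; the certificate file paths are supplied by the caller, because the post names only the directories, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit node certificates for the two
# properties described above. Certificate paths are supplied by the caller.

# Exit 0 if the PEM certificate $1 is self-signed: issuer name equals subject
# name and the signature verifies under the certificate's own public key.
is_self_signed() {
    ss_subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    ss_iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$ss_subj" = "$ss_iss" ] || return 1
    # -no_check_time: an expired self-signed certificate is still self-signed.
    openssl verify -no_check_time -CAfile "$1" "$1" >/dev/null 2>&1
}

# Print the SHA-256 of the certificate's DER-encoded public key (SPKI).
pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Check every certificate given; print one finding per line and return 1 if
# any certificate is unreadable, self-signed, or shares a key with an earlier one.
audit_certs() {
    ac_seen="" ac_rc=0
    for ac_cert in "$@"; do
        if ! openssl x509 -in "$ac_cert" -noout >/dev/null 2>&1; then
            echo "UNREADABLE $ac_cert"; ac_rc=1; continue
        fi
        if is_self_signed "$ac_cert"; then
            echo "SELF-SIGNED $ac_cert"; ac_rc=1
        fi
        ac_fp=$(pubkey_fp "$ac_cert")
        case " $ac_seen " in
            *" $ac_fp "*) echo "DUPLICATE-KEY $ac_cert"; ac_rc=1 ;;
        esac
        ac_seen="$ac_seen $ac_fp"
    done
    return "$ac_rc"
}

# Usage: sh audit_certs.sh node1.pem node2.pem ...
[ "$#" -eq 0 ] || audit_certs "$@"
```

Run it against a copy of each node's certificate; a clean result prints nothing and exits 0.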
Each individual Avamar server can also be configured to encrypt data stored on the server “at rest.” The decision to encrypt all data stored in an Avamar server is typically a one-time decision that is made when the server is initially deployed at a customer site.