When selected, encryption keys are stored in the CommServe database unlocked, and encrypted data can be recovered without providing a pass-phrase. Use this mode only if you trust your CommServe, and have some other mechanisms to protect it from unauthorized access.
Initially enabled after selecting Direct Media Access option Via a Pass-Phrase.
When selected, encryption keys are locked with a user-supplied pass-phrase before being stored in the CommServe database. Even if the database has been compromised, the encryption keys are still unusable without the pass-phrase. Note that in this mode encrypted data cannot be recovered without entering a correct pass-phrase.
Do not choose a trivial or one-word pass-phrase. Remember that in this mode it is the pass-phrase that defines the security of your data. The more elaborate it is, the less likely it can be picked by a third-party.
 |
WARNING: Loss of the pass-phrase signifies loss of all data previously protected. |
If you want to recover encrypted data without having to provide the pass-phrase for every recovery operation, you can export the source computer's pass-phrase to a destination computer.
Enable Synthetic Full
When selected, indicates that synthetic full data protection jobs can be performed when data encryption is enabled. Since running synthetic full data protection operations involves recovering data to a temporary buffer in memory, such data protection operations need a pass-phrase to access data encryption keys in the CommServe database.
If you want the convenience of scheduling Synthetic Full data protection operations at the expense of slightly weaker security, leave this option enabled. This will create another instance of unlocked encryption keys in the CommServe database, which can be used by synthetic full data protection operations only.
Alternatively, you can clear this option and then export the pass-phrase to the MediaAgent computer in which the Synthetic Full job is run.