HP B6960-96035 manual 77

encrypts the data. Thus the backed up data is encrypted before it is transferred over the network and written to media.

Figure 17 on page 77 shows a basic interaction during an encrypted backup session with the AES 256-bit encryption option selected.

Figure 17 Backup session with AES 256-bit encryption

How Data Protector drive-based encryption works

The BSM reads the backup specification in which the Drive-based encryption option is selected and requests an active encryption key from the KMS. The key is transferred to the Media Agent (MA), which configures the drive for encryption and sets the encryption key into the drive. The drive encrypts both the data and the meta-data that is written to the medium.

In an object copy or object consolidation operation from an encrypted backup, the data is decrypted by the source drives, transferred over the network and encrypted by the destination drives.