How data protector drive-based encryption works, Backup session with aes 256-bit encryption – HP B6960-96035 User Manual

encrypts the data. Thus the backed up data is encrypted before it is transferred over
the network and written to media.

Figure 17

on page 77 shows a basic interaction during an encrypted backup session

with the AES 256-bit encryption option selected.

Figure 17 Backup session with AES 256-bit encryption

How Data Protector drive-based encryption works

The BSM reads the backup specification in which the Drive-based encryption option
is selected and requests an active encryption key from the KMS. The key is transferred
to the Media Agent (MA), which configures the drive for encryption and sets the
encryption key into the drive. The drive encrypts both the data and the meta-data
that is written to the medium.

In an object copy or object consolidation operation from an encrypted backup, the
data is decrypted by the source drives, transferred over the network and encrypted
by the destination drives.

Concepts guide

77