1 Rookie
•
124 Posts
0
4171
September 28th, 2016 09:00
Avamar 7.2 and encryption
Hello. We just completed upgrade to 7.2. We had encryption=none for all our backup policies. EMC did override to enable us to continue.
My questions are
- when we reconfigure to use encryption will the backups rehash?
- with CBT will a full be required/enforced?
- what impact will it have on replication?
Thank you
Debbie
umichklewis
3 Apprentice
•
1.2K Posts
1
September 28th, 2016 11:00
There's a good discussion about data-at-rest encryption with Avamar here - Re: Avamar at-rest encryption config
Ian's explanation near the end of the thread should address how the Avamar stripes have the potential to be encrypted, but are not guaranteed to be encrypted. The only way to ensure a stripe is encrypted is to enable it on a clean, fresh installation with no data written.
In the past, I've switched VM image backups from non-encrypted to encrypted, but I haven't seen any evidence of backups not relying on CBT when we've switched them, but then again, we have an internal policy to run an on-demand backup outside of our standard (evening) backup window whenever we make changes like that to a client.
In terms of replication, we've noticed encryption has a "visible but not really significant" impact on the time required to replicate over the wire. We have encryption-at-rest enabled on Data Domain, and have our replication sessions set to use encryption. Our daily replication takes about four hours to long-haul over 400 nightly backups, but individual sessions take just a few minutes each. If we were to disable encryption, I don't think we'd save even an hour, probably only 40 minutes at best. Data Domain is still able to leverage its data reduction techniques even with encryption on, so we didn't see a "good enough" reason to disable it.
Let us know if that helps!
Karl
ionthegeek
2 Intern
•
2K Posts
2
September 28th, 2016 11:00
I think the original question is referring to in-flight encryption rather than at-rest encryption.
In any case, enabling encryption does not affect how the data is hashed because that happens before the data is encrypted. Same for change block tracking.
As for an impact on replication, there may be a very slight performance impact when in-flight encryption is enabled (all encryption does have some overhead) but it is unlikely to be noticeable.
dstarm
1 Rookie
•
124 Posts
0
September 28th, 2016 12:00
Thank you, this was helpful.