Storage nodes can perform the following operations on archives stored in managed vaults.
Cleanup and validation
Archives stored in unmanaged vaults are maintained by the agents that create the archives. This means that each agent not only backs up data to the archive, but also executes service tasks that apply to the archive the retention rules and validation rules specified by the backup plan. To relieve the managed machines of unnecessary CPU load, execution of the service tasks can be delegated to the storage node. Since the task schedules exist on the machine the agent resides on, and therefore uses that machine’s time and events, the agent has to initiate the cleanup and the validation according to the schedule. To do so, the agent must be online. Further processing is performed by the storage node.
This functionality cannot be disabled in a managed vault. The next two operations are optional.
Deduplication
A managed vault can be configured as a deduplicating vault. This means that identical data will be backed up to this vault only once to minimize network usage during backup and to minimize storage space taken by the archives. For more information, see the "Deduplication" section.
Encryption
A managed vault can be configured so that anything written to it is encrypted and anything read from it is decrypted transparently by the storage node. This is done by using a vault-specific encryption key stored on the node server. In case the storage medium is stolen or accessed by an unauthorized person, the malefactor will not be able to decrypt the vault contents without access to this specific storage node.
If the archive is already encrypted by the agent, the storage node applies its own encryption over the encryption performed by the agent.