September 18th, 2012 00:00

Avamar 6.x at-rest encryption enabled

Can anyone share some knowledge/real combat experience about the after-effects of enabling at-rest encryption in Avamar 6.0 and 6.1 in the GRID configuration and single node server installations?

I'm in the middle of deciding whether this is worth enabling or not, because customers tend to ask whether we encrypt our backups at rest or not.

Thx in advance.

115 Posts

January 20th, 2015 22:00

I do understand this, as Avamar is a RAIN architecture. But by limiting a customer's servers to write backups to a single node we are enforcing other customers' backups. We have only one customer who is PCI compliant.

As EMC Avamar supports BaaS, this feature should be incorporated at the plugin level while installing the Avamar backup agent, so that the option takes care of encrypting.

77 Posts

January 21st, 2015 00:00

You can probably submit an RFE, but I'm not sure how this can be implemented efficiently with the way Avamar works internally.

2K Posts

January 21st, 2015 06:00

I don't foresee this ever being implemented. It would be a very high risk change and it violates several core architectural principles of Avamar.

That said, you do have options. There is a REST management API that was designed specifically with BaaS providers in mind. One of the main features is that you can organize Avamar systems into pools in order to reduce the overhead involved in managing multiple systems and distribute tenants across them as you wish. If you only have one customer who requires encrypt-at-rest, you could stand up an AVE, a single node system or a small grid with encrypt-at-rest enabled and limit the customer's clients to the encrypt-at-rest system.

Access to the REST API is currently only available by RPQ but this is mainly a formality so the product management team can keep track of which customers are using it. If you talk to your account team, they can file the RPQ on your behalf.

115 Posts

January 21st, 2015 21:00

Thank you, Ian, for the detailed explanation.

As the document mentioned, though we specify the overhead, customers will be adamant to have it as per PCI-DSS etc. audits and compliance needs.

The way we segregate customers via VLANs (though data is internally replicated for RAIN), similarly enabling E@R on a single node should also be made possible by EMC, which will be easy to deploy without overhead affecting other customers.

Our storage capacity demands are not so high for now to deploy a separate AVE. Once the 16 node grid is full and we see a new customer for E@R we might deploy AVE+E@R.
