what are the steps for using MSDP Encryption
Hello,
We have Netbackup Appliance 5240. I am trying to figure out what are the steps to configure MSDP encryption? I have read "MSDP encryption" guide and it says that by default MSDP encryption is disabled. You could modify pd.conf on the client in order to have encrypted backup.
1. so if I modify pd.conf on the client (/usr/openv/lib/ost-plugins/pd.conf) and add ENCRYPTION = 1. Will the backups be encrypted on the host before being transfererred to the MSDP on the 5240 appliance?
This option only works for the clients where you modify pd.conf.
2. I also read that if I want to enable MSDP encryption for all the hosts I need to log in to shell menu on 5240 appliance and modify contentrouter.cfg. I am not sure what is the full path for contentrouter.cfg file and how to access it and what needs to be updated in that file. Can someone please list steps needed to use MSDP encryption for all the backups.
Thank you.
Excerpt from our build doc :
# Make absolutely sure encryption at rest and in transit is always enabled
ENCRYPT_TMP=/tmp/encrypt.tmp
if [ -f ${ENCRYPT_TMP} ];then rm ${ENCRYPT_TMP};fi
grep "^ENCRYPTION = 0" /usr/openv/lib/ost-plugins/pd.conf > /dev/null
if [ $? -eq 0 ];then
echo Enabling encryption at rest.
sed 's/^ENCRYPTION = 0/ENCRYPTION = 1/g' /usr/openv/lib/ost-plugins/pd.conf > ${ENCRYPT_TMP}
mv /usr/openv/lib/ost-plugins/pd.conf /usr/openv/lib/ost-plugins/pd.conf_`date +"%m%d%y%H%M%S"`
mv ${ENCRYPT_TMP} /usr/openv/lib/ost-plugins/pd.conf
fi
grep "^OPTDUP_ENCRYPTION = 0" /usr/openv/lib/ost-plugins/pd.conf > /dev/null
if [ $? -eq 0 ];then
echo Enabling encryption in transit.
sed 's/^OPTDUP_ENCRYPTION = 0/OPTDUP_ENCRYPTION = 1/g' /usr/openv/lib/ost-plugins/pd.conf > ${ENCRYPT_TMP}
mv /usr/openv/lib/ost-plugins/pd.conf /usr/openv/lib/ost-plugins/pd.conf_`date +"%m%d%y%H%M%S"`
mv ${ENCRYPT_TMP} /usr/openv/lib/ost-plugins/pd.conf
fiYou could also do this via the CLISH if you want. Settings-->Deduplication-->Tune ENCRYPTION enable
Settings-->Deduplication-->Tune OPTDUP_ENCRYPTION enable