Forum Discussion

10 years ago

Backing up data to tape using Key Management Services (KMS)

Hi, I am in need of some assistance/ guidance with KMS encryption. Recently, we have configured a test backup job with encryption using Key:   Environment Netbackup Master Server version:...
    10 years ago
    No, it cannot be done. KMS must use a vol pool starting ENCR as you are aware, and, a tape can only belong to one volume pool, so there is no way to write encrypted and non-encrypted backups as the non-encrypted backups would have to use a different pool not starting ENCR. One option, just encrypt all backups, it doesn't 'cost' anything, and since KMS keys can be recreted on another system, you can restore imges on other environments if required. Do not encrypt the catalog backups, use a non encrypted pool for these, and if you backup the encryption keys (hopefully), don't encrypt them for obvious reasons. One tip, when you crate keys, be sure to use the option where you specify the pass phrase, that way, event without the keys backups you can recreate them, obviously, keep the passphrases written down somewhre safe, like a safe.