Forum Discussion

soolean's avatar
soolean
Level 4
2 years ago
Solved

configure NetBackup Client Encryption Option


I'm running Netbackup 8.1    I would like to enable client side encryption but ı couldnt do it. 

I followed the instruction but the \NetBackup\crypt directory is not on my master server.

https://www.veritas.com/support/en_US/article.100021401

 

 

  • Is client encryption the right choice for you ?

    Have you considered tape drive encryption using NBU KMS  ?. Encryption happens in hardware on the tape drives and hasn't any performance impact. You do need to save passphrase for the KMS encryption is a very safe place in case master server crashes.

    https://www.veritas.com/support/en_US/article.100020249

  • Is client encryption the right choice for you ?

    Have you considered tape drive encryption using NBU KMS  ?. Encryption happens in hardware on the tape drives and hasn't any performance impact. You do need to save passphrase for the KMS encryption is a very safe place in case master server crashes.

    https://www.veritas.com/support/en_US/article.100020249

    • soolean's avatar
      soolean
      Level 4

      Thanks, 

      Can I disable it whenever I want, or can I only do it for the client I want?

       

  • hi soolean 

    When KMS is configured, it will only encrypt data going to tape pool with the ENCR_ prefix. Meaning you can stop encrypting data on tape by sending backup images to a tape pool not prefixed with ENCR_

    Be aware encryption is good at maintaining confidentiality , but if you looses the encryption keys - no matter what you type of encryption being deployed, you too loose access to data. A bit of study in the technical implementation is  required.