JJ58
15 years ago
Solved

Encryption question

Hello

NBU 7.0

I want the encryption to be handled by the tape drive itself; it's completely hardware-based encryption.

My question is: Does NBU support hardware-based encryption without the encryption option? And if it does, how do you manage it?

Appreciate your feedback

Regards

4 Replies

  • Yes, NBU supports hardware encryption, and you do NOT need to buy MSEO, which is a software encryption option (as the name implies).

    Read up on the security and encryption documentation for NBU; all of it, including the setup, is documented in there.

  • Yes, NetBackup supports it, but check the HCL to verify the support. Below is an example of a supported product.

    http://www.oracle.com/us/products/servers-storage/storage/tape-storage/029154.htm

    R

  • If you are referring to LTO-4's hardware encryption abilities on the tape drives themselves, NetBackup is not involved in any part of the encryption or decryption of the data, nor does it need to be informed of it.  There is nothing to license from Symantec to use this type of encryption.

    The encryption/decryption does require a compatible Encryption Key Manager (EKM) server, though, which would be licensed through your tape library hardware vendor.  The tape drives need to communicate with this server (usually over an Ethernet connection on the tape library) to obtain valid encryption/decryption keys for the tapes.  The EKM software may be able to run on your media server, but that is not required.  It all depends on your vendor's requirements.  Most folks would run the EKM in a VM, since it should have very low requirements (the only I/O it performs is to send encryption keys; it doesn't read any data from the backup data stream at all).

    If you have an offsite disaster recovery site, be sure that you have LTO-4 drives at that location, too, along with a secondary EKM server at that location that has been sync'd with your other EKM server so they contain identical key stores.  Without that, your backups are impossible to decrypt and would be useless in a disaster.

  • KMS is a free database that comes with NetBackup that will allow you to use LTO-4+ drives to do hardware encryption.

    It is just one chapter in the Security and Encryption guide.

    And really easy to set up and maintain.