Import KMS-files to a new NetBackup Master Server with already imported old catalog (NetBackup 8.2)

Question

Hello, I need to restore virtual machines located on tape media that was encrypted with KMS. We have the following files available ...

db\KMS_DATA.dat

key\KMS_HMKF.dat

key\KMS_KPKF.dat

Is it true, that those files just need to be copied to the right place (the question is where is this place on a NetBackup server running on a Windows Server system?) and the 'NetBackup Key Management Service' needs to be started or are there other things to be considered?

Thanks in advance for any reply.

nicolai · Accepted Answer

Hi&nbsp;Didi7&nbsp;Guidance can be found in&nbsp;Veritas NetBackup™ Security and Encryption GuideAbout recovering KMS by restoring all data filesIf you have made backup copies of the&nbsp;KMS_DATA.dat,&nbsp;KMS_HMKF.dat, and&nbsp;KMS_KPKF.dat&nbsp;files, it is just a matter of restoring these three files. Then startup the&nbsp;nbkms&nbsp;service and the KMS system will be up and running again.https://www.veritas.com/content/support/en_US/doc/21733320-127424841-0/v21635120-127424841On Windows the location is :&nbsp;\Program Files\Veritas\kms\db\KMS_DATA.dat\Program Files\Veritas\kms\key\KMS_HMKF.dat\Program Files\Veritas\kms\key\KMS_KPKF.dat

didi7 · Answer

Hi Nicolai,it really was as simple as that. Restores from encrpyted media is possible now. I read about it in another thread but nothing was mentioned about the path for the KMS files within a Windows Server environment.Thank you for your prompt answer.&nbsp;

nicolai · Answer

Hi&nbsp;Didi7&nbsp;Glad I could help.Word of advice. Pls make sure you protect (backup) the KMS files or the pass phrases KMS keys were generated by on a medium NOT encrypted by KMS. Else you truly have a catch 22

didi7 · Answer

Hello Nicolai,KMS files, passphrases and the likes are safely protected on different systems and several times on tape media and even on USB sticks in a professional safe.I assume KMS files don't change, as long as you do not change any passphrases?The above mentioned server is just for restore purposes.In the meantime I could successfully restore 3 VMs from 3 different encrypted tapes.Regards&nbsp;

Forum Discussion

Import KMS-files to a new NetBackup Master Server with already imported old catalog (NetBackup 8.2)

About recovering KMS by restoring all data files

4 Replies

About recovering KMS by restoring all data files

Related Content

Re: Import KMS-files to a new NetBackup Master Server with already imported old catalog (NetBackup 8.2)

NetBackup for MySQL

Oracle to Netbackup Copilot

Compatibility NBUITA with Netbackup Version

Netbackup 10.4.0.1 SAN Client support RHEL8.10?

Recent Discussions

MS-SharePoint policy restore error (2804) .

How to restore a backup

How to configure RBAC

command: bperror

10 years old netbackup appliance database service down, ssl certification out date