Key management system for data encryption
Hello Team,
Master server: Solaris 10
Version: 8.1.1
Media server: NetBackup appliances 5330 and 5340
We have one master server and 3 media servers (NetBackup appliances). We don't have a tape library in our infra.
Can we configure KMS to encrypt data on disk pools? I know we can configure it over volume pools, but here we don't have a tape library.
If yes, can you please share the technote that contains the configuration of KMS for NetBackup appliances?
If no, then can we encrypt the data that is going to disk pools (NetBackup appliances)?
Hi Dav1234
What the OPTDUP_ENCRYPTION = 1 setting means is that data segments sent to a different storage server will be encrypted in flight - this adds an additional layer of protection for that data. Note that these segments will remain encrypted when they land in the target MSDP (the fact they were sent implies that the target pool did not contain this data already - remember that the fingerprint is computed and stored on the unencrypted data).
As to recommended settings - this really depends on your circumstances and requirements around data security. I would suggest that whatever settings you determine should be consistent across all devices. The additional overhead for encrypting and decrypting each data segment is minimal, so I wouldn't be concerned that you now probably have a mix of encrypted and unencrypted data segments in some disk pools.
David