KMS and Key Retention Policies
I am going to set up KMS in NetBackup 7.7.2. I understand how this works and have successfully tested backups and restores to a DR site. My question is with the retention periods on the keys. I want to encrypt my offsite duplicated tapes only. The daily jobs have a 2 month retention, weekly 2 month, monthly 13 months, and yearly 2 years. Should I create multiple keys for one keygroup, and set all but one to prelive, and one to active? Can someone give me examples of how this part works? Is there always going to be manual intervention with the status of the keys?
Thanks for any clarification on this.
You could use different volume pools for the backups, Terry... this way you then have separate sets of keys and you can manage them as you wish, without the need to think about which of these keys is the right key to decrypt backup X. You override the policy volume pool in the schedule. Should make things much simpler.
Jim.
Hello,
Yes, there could be one key for all policies/duplication (more precisely, for all volume pools used by them), or you can have different keys for individual volume pools.
I think the key rotation is rather about security best practices. Discuss this with management or with somebody responsible for data security.
Regards
Michal