NetBackup and Client side Encryption

Hello

Can someone please help me with the following question.

We have NetBackup version 7.6.0.3

I have a physical Server (Windows Server 2012 R2) which I want to backup

As there is sensative data on this Server I want to 'encrypt the backup'

Ideally I also want to be able to perform a bare metal restore of the Server should it fail completley

I want to backup to disk (e.g. disk pool) not tape

I watched a view videos on youtube, and it said use 'client' side encryption and compression before sending the data across to the Netbackup Server to be stored on disk. This is OK I can use client side encryption and compression as the backup will happen over night.

However my questions are

1:

if the client is doing the encryption, where are the encryption keys stored which will be require to decrupt the data when a restore is required? For example of the keys are stored on the Server being backed up, then is the Server fails I will not be able to restore the backup to another Server as the keys will be lost along with the Server.

2: If I can use client side encryption and compression to do my backup, does this configuration support bare metal restore of the Server, should the Server fail completley

3: Where can I download an eval of Netbackup 7.6.0.3 to test this in a lab before trying it in production as although we have license keys there are for the copy of NetBackup being used in production.

 

Thanks all in advance

AAnotherUser__