Forum Discussion

chptv
Level 2
7 months ago
Solved

NetBackup Encryption Configuration

Hi Everyone

We have a requirement to configure encryption for data-in-transit and data-at-rest. I'm new to this concept and need help on how to configure this.

Below are the environment details:

We have 2 sites: Site A and Site B

Site A

1 Master server - RHEL 8.10 - NB Version 10.4

2 Media servers - RHEL 8.10 - NB Version 10.4

1 Data Domain

Site B

1 Master server - RHEL 8.10 - NB Version 10.4

2 Media servers - RHEL 8.10 - NB Version 10.4

1 Data Domain

Site A is primary and the backups will be taken to Data Domain and replicated to Site B using SLP.

Please advise how to configure encryption for data in transit and for data at rest.

3 Replies

  • I believe if you do a search on the forum you will find many related posts.
    As for how to do it: for DIT, if you mean between client and media server, you have an option in NetBackup > global security > encryption; you can enable it from there. By default it is preferred on. If clients have NetBackup agent 10.X it is preferred on.
    If by DIT you mean the data in transit between two media servers (AIR),
    you need to enable opt_dup encryption in "pd.conf":
    /usr/openv/lib/ost-plugins/pd.conf
    The OPTDUP_ENCRYPTION value must be 1 to enable it.

    For data at rest encryption, you have two options. Access the above file (pd.conf) and
    change the ENCRYPTION value to 1,
    or access <storage Path>/etc/puredisk/contentrouter.cfg (find the storage path from your pure disk value in the NetBackup console),
    look for 'ServerOptions' in the file and add ',encrypt' to the end of the line:
    ServerOptions=fast,verify_data_read,encrypt
    You will need to restart NetBackup services (just the MSDP services, to be more specific).

    There you go, you have encryption enabled in your environment.
    But a bit of advice: be careful when enabling encryption at multiple layers (DIT between client and media server and then data at rest), as it will impact backup and restore, performance and dedup.
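
A read-only way to check which of the settings named in the reply above are actually in effect, as an added example that is not part of the original post or of NetBackup itself. It assumes pd.conf holds `NAME = value` lines with `#` starting a comment; the function names `pd_conf_value` and `cr_has_encrypt` and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of the MSDP encryption settings from the reply.
# Assumption: pd.conf uses "NAME = value" lines and "#" starts a comment.

# Print the effective (last uncommented) value of KEY in a pd.conf-style file.
# Keys are compared exactly, so ENCRYPTION never matches OPTDUP_ENCRYPTION.
pd_conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # a commented-out setting is inactive
        {
            line = $0
            sub(/#.*/, "", line)             # drop a trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Succeed only if the ServerOptions line carries the exact "encrypt" token.
cr_has_encrypt() {
    awk -F= '
        /^[ \t]*ServerOptions[ \t]*=/ {
            gsub(/[ \t\r]/, "", $2)
            n = split($2, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "encrypt") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
printf '%s\n' '#OPTDUP_ENCRYPTION = 1' 'OPTDUP_ENCRYPTION = 0' \
    'ENCRYPTION = 1  # at rest' > "$demo/pd.conf"
printf '%s\n' 'ServerOptions=fast,verify_data_read' > "$demo/contentrouter.cfg"

echo "OPTDUP_ENCRYPTION: $(pd_conf_value "$demo/pd.conf" OPTDUP_ENCRYPTION)"
echo "ENCRYPTION:        $(pd_conf_value "$demo/pd.conf" ENCRYPTION)"
if cr_has_encrypt "$demo/contentrouter.cfg"; then
    echo "contentrouter.cfg: encrypt present"
else
    echo "contentrouter.cfg: encrypt missing"
fi
```

On a real server, point the functions at /usr/openv/lib/ost-plugins/pd.conf and <storage Path>/etc/puredisk/contentrouter.cfg instead of the sample files.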

  • Oh I didn't notice DD. I believe they do have an encryption option on their appliances. You can confirm that via their manual.

    In case you are using dedup on DD, I suggest you enable encryption on DD, not NetBackup (for data at rest).

  • Thanks kiyan. We are backing up data to Data Domain. Not sure if MSDP comes into the picture as we are not storing data in the media server. Also, what is the best encryption method we can suggest to the client without affecting the deduplication?