Forum Discussion

____111's avatar
____111
Level 3
11 years ago

The question of MSEO Encryption and decryption

Hi all,

I have a problem about the MSEO(media server encryption option).

backup environment like below:

CV1}_S)$}D$14P(476MV5SL.jpg

DC SITE(MAST BACKUP SITE)

Master server: SHAA2SNBU38

Media server: SHAA2SNBU38

first backup data to DD640,then vault to tape in i500.

DR SITE(DISASTER RECOVERY SITE)

Master server: SHAA2SNBU38(the same DC site master server)

Media server: SHAA5SNBU61

backup type like DC SITE

 

Now i have problem:

Vault to tape is through encryption by mseo(media server of SHAA2SNBU38).Then i take the tape to DR site and recovery the tape from media server(SHAA5SNBU61) successfully.But the site of DR(SHAA5SNBU61) is out of mseo agent. why it does sucessfully?

additional query:Recovery data what backup through MSEO must need media server installing MSEO agent?

 

 

  • i want to which type of key combination use by veritas to encrypt or decrypt the file because I apply the key to decrypt it but it not happen and why it is doesnot ask for key while decrypting bkffile, why in veritas folder in driver no paste option available.

    • mph999's avatar
      mph999
      Level 6

      You need to start a new post clearly explaining what your issue is, as opposed to just adding to a thread several years old.

      You have not explained what you are trying to do, what type of encryption you are using.

      • veritas8's avatar
        veritas8
        Level 4

        Using vertias tool I created a bkf encrypted file and I know the key and pass phrase of the file.

        I m using this encrypted file for my project  in which i have to decrypt the bkf file using  algo through project not any third party tool and save it but when i use key or pass phrase to decrypt it it not possible , so i want to know which algo veritas using to decrypt the bkf file because when i decrypt it through veritas it does not ask for key and for same file same key encrypted data is different, so can you tell me what procedure veritas usage to decrypt the bkf file or which type of key combination it usage to decrypt it.

  • Have you consider using Netbackup KMS (tape drived base encryption) insted of MSO ?

    LTO4 and newer all support hardware encryption (MSO is software based encryption).

    http://www.symantec.com/docs/TECH203420

  • Not sure where the log is on windows, just do a search on the mseo server for mseo.log

    It is difficult to tell if iyt is encrypted, as mseo 'happens after' NBU - the easiest way is to stop the mseo services and try a restore.

    Martin

  • If you want to use the MSEO encription at the other site, you have to install the MSEO agent. But it seems that MSEO is not working now.

    check the logs and run the command "cgconfig list" to check if the devices have encription option enabled.

    Do you use the DD as VTL or as OST (or nfs)?

    I'm not sure if the MSEO is working with duplicated tapes. How do you enable the encription during the duplication?

    If the cgconfig command shows that your drives are encreption enabled try to run a backup directly to i500 and see what will happen at the DR site.

     

    One more question. What drive types you are using at the i500 and the i40?

     

  • Hi mph999,

    It is windows env,so is't log in windows event log?And how to know is it encryption successfully?

    ThankU

  • Is the backup actually encrypted ?

    If you look in the meso log you should see if it is really encrypted:

    /var/logs/mseo.log

    Another way to test, is take one of the backups on the Live site, stop mseo services and try to restore - it should fail.  Restart mseo, restore agin and it should work.