Forum Discussion
Take a look at the NetBackup Encryption White Paper located towards the end of this post:
https://www-secure.symantec.com/connect/forums/list-netbackup-blueprints
...and have a read. It won't take long. It will help. It really will.
.
A few years ago - I looked at utilising a third party key management product - and it is certainly possible to implement, there were several on the market at the time, but at the time it was all done without NetBackup really knowing anything about it. In the end we went with NetBackup KMS, which with v7.6 can now handle about 100 different active 1:1 (one-to-one) associations between encryption key and NetBackup pool name. And seeing as NetBackup KMS was free, easy to configure, easy to use, and didn't rely on any third party kit (therefore no worries about connectivity, configuration, cost, complexity, interoperability, administration, licensing, power, third party support - for the lifetime of the media )... then, well, really... it was a simple decision to go with NetBackup KMS.
So, unless you have some exacting Government standards to adhere to, which dictate the use of a FIPS compliant key management solution, then my advice would be to keep it simple.
.
AFAIK, none of NetBackup Client Encryption nor NetBackup MSEO nor NetBackup KMS can be used/configured to work with a KMIP compliant application. In all these cases, I believe, each NetBackup environment/domain is an 'island' when it comes to encryption key management.
Related Content
- 7 months ago
- 6 years ago