transferring encryption license

I'm well into my project to set up netbackup 8.0 on a new media server. The next issue is encryption. We have licenses to encrypt a few of the servers. My question is:

Where can I find these licenses/keys/whatever on our old 7.7 media server and get them active on the new server?

I've looked at this:

https://www.veritas.com/support/en_US/article.TECH67972 -

How to install and configure Key Management Service (KMS) encryption on a NetBackup master server

Looks pretty straightforward - but I'm not even sure how to tell if we were using KMS on the old platform.

Thanks in advance!

Linux

andrew_mcc1
7 years ago
Well if the policy encryption checkbox is greyed out for no obvious reason I would still suggest trying the working license key on the new master server. I understand client encryption is included in version 6.5 and later licences but it still may need the key "feature" to run.
To check, just copy and paste the license string via Admin Console> Help Licences. Obviously only run with the correct key in production. BR Andrew

15 Replies

Marianne
Level 6
7 years ago
Neither NBU Client-based encryption nor KMS is licensed. These options are free.

Your issue is the encryption keys. You need to know which type of encryption you are using and how to export them.

NBU client encryption is selected in policy attributes. KMS writes to tape pool(s) starting with ENCR in the name.

Please see mph999 's reply in this post:

https://vox.veritas.com/t5/NetBackup/Encryption-On-tape-Drive/m-p/838220
- Bruce_Clegg
  Level 5
  7 years ago
  Reading through the options in the documentation is good. I could probably set up a new system, but I'm worried about breaking what has been working on the 'old' 7.7 platform. Right now I don't understand exactly what my predessessors put in place encryption wise on the old platform. I appreciate your patience as I go through the process here...
  I want to encrypt the backups for a single policy - but on the new platform the option on the policy to encrypt the backup is greyed out. I'm calling up the old encryption keys from the offsite vault. When they get here, will I be able to use them to 'un-grey' the option on the policy? If so, how? I suspect I could create new keys too, but I'm not sure if this will 'break' the encrypted archive tapes I've already got from the old 7.7 installation.
  I suspect I'm making this harder than it is - but as I said - I'm being careful.
  - Marianne
    Level 6
    7 years ago
    So, it seems you are using Client encryption in your environment?
    
    If so, please go through this TN:
    
    More about the NetBackup Encryption Option - detailed demonstration of encrypted backups
    https://www.veritas.com/support/en_US/article.TECH56759
    
    The TN is VERY old, so please ignore refence to license key (free as from 6.5) and bpinst (no longer separate install).
    
    Start reading here:
    Encryption will need to be enabled on the client through its Host Properties
    
    If you scroll down, you will see how to backup the keyfile.dat on the client.
    This is what you need to transfer the key to a new/alternate client for restores.
    
    HTH

Forum Discussion

transferring encryption license

15 Replies

Related Content

Transfer Images

EV FSA License

Key Management Service (KMS) encryption

configure NetBackup Client Encryption Option

Encrypt Oracle RMAN Backup with NetBackup

Recent Discussions

command: bperror

MS-SharePoint policy restore error (2804) .

How to restore a backup

How to configure RBAC

10 years old netbackup appliance database service down, ssl certification out date