Forum Discussion

MikeSB's avatar
MikeSB
Level 3
13 years ago

Verify KMS Encryption NetBackup 7.5

I hope this helps others, I just spent the last 2 weeks searching around trying to find this answer.

Here are steps to verify KMS encryption on tapes with NetBackup 7.5;
Find the jobs on a particular tape you think may be encrypted;
/usr/openv/netbackup/bin/admincmd/bpimmedia -L -mediaid <media name>
get the "Backup-ID" in the first column
then run;
/usr/openv/netbackup/bin/admincmd/bpimagelist -backupid <Backup-ID> -L | grep "Flags:"
if tape is encrypted with KMS this will display;
" Flags: 0x40 (Tape Encrypted)"
and if tape is NOT encrypted this will display;
" Flags: 0x0"

  • Hi Mike,

    I JUST learned there's a defect in bpimmedia which you might be hitting.  This entry is in the 7.5.0.4 Release Notes (page 48):

    Etrack Incident: 2826378
    â–  Description:
    A missing Key Management Server tag in the bpimmedia output has been added.

    NetBackup 7.5.0.4 Release Notes
     http://symantec.com/docs/DOC5514

    Is there any chance you could apply 7.5.0.4?  (If not, there may be an EEB available under Etrack 2793446 depending on which version you're at.)  I believe your "0" will change to a real tag after that, which would make a little more sense, now that I think about it...