03-07-2013 07:51 AM
I am looking at encrypting my backups.
I am concerned however about recovery.
If my server goes down totally, and I have rebuilt it, if I go through the process of entering the exact same passphrase on the newly rebuilt server, will Backup Exec be able to restore the encrypted data?
I am just concerned that the passphrase might change the encryption key and now all my backups are no good, unable to restore any data since the server crashed and the encryption key is gone and a new one created. Even though I used the same exact passphrase.
Thank you for any assistance on this issue.
03-07-2013 11:25 AM
This should not be an issue... The Passphrase is stored in the backupexec database. When you restore the media server the BEDB is restored durring the restoration. Using the account that owns the Key should not present you with any issues. If you use a different account you would just need to know the passphrase.
To protect your keys, Symantec recommends the following:
Maintain a written log of the pass phrases. Keep the log in a safe place in a separate physical location from the encrypted backup sets.
Back up the Backup Exec database. The database keeps a record of the keys.
Caution: |
If you do not have a backup of the Backup Exec database and do not remember your pass phrases, you cannot restore data from the encrypted media. In addition, Symantec cannot restore encrypted data in this situation. |
View doc below
http://www.symantec.com/docs/HOWTO22978
03-07-2013 01:48 PM
So, as long as I remember my passphrase, Backup Exec will create an encryption key that will always match, is that correct?
I am just concerned that Backup Exec, using the exact same passphrase, will not come up with the matching encryption key.
03-07-2013 01:55 PM
You Got it friend!!
03-07-2013 04:02 PM
Thank you so much. I really appreciate it a lot!
03-07-2013 06:34 PM
To reassure yourself that all these work, you can create a passphrase and backup a small directory encrypted with this passphrase.
If you have another media server or a test media server, try to catalog and restore this encrypted backup. You would be prompted for the passphrase. If you enter the correct passphrase, you will be able to proceed.
If you do not have another media server, delete the passphrase from your media server and try to restore the encrypted backup. If you are able to respond to the prompt with the correct passphrase, you would be able to proceed.
03-07-2013 09:00 PM
Very cool idea. Will give that a try.
Thanks again.