cancel
Showing results for 
Search instead for 
Did you mean: 

DB Encryption Key

D_Corrigan
Level 3

On the home screen we were being prompted to export a DB encryption key. I ran through the wizard and picked a location to export it to. The question is now what?

It created a .dek file that I cannot open and I have no idea what the key is or what it is for. I thought it may be related to a restore but we used another key that the previous admin made and had written down. The new key was not listed in config>backup settings>network and security but IS listed in config>db maint

5 REPLIES 5

pkh
Moderator
Moderator
   VIP    Certified

Now you keep it in some place safe.  You would need it if you want to use the BEDB on another machine or when you recover the existing media server.  Without this key, you would not be able to use the BEDB.  Do read the Admin Guide for more details.

D_Corrigan
Level 3

For anyone that happens on to this thread here is the answer in English. You need the passphrase key to start the install and you need the .dak key to finish it. The later can be put on a thumbdrive and run locally after it is created.

Honestly I have just about given up on this software. I am in the process of trying to restore a third server and in this particular instance it just hangs during the restore process. The first server restored but dies on first boot with the blackscreen error. The suggested solutions to this problem do not work. It's a nightmare and seems to be functionally useless for even the simplest configurations nevermind a BMR or complex recovery.

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

Sorry D_Corrigan but you have this wrong

Passphrases relate to Backup Set Encryption keys and have nothing to do with the DEK and nothing to do with installs - in fact if you don't use backup set encryption you won't even have any passphrases. Passphrases are needed to restore encrypted backup sets on systems that don't already have the Backup Set Encryption key held inside the BEDB.

The DEK is the key used to encrypt certain security related tables inside the database. If you backup the database without having an exported DEK then if you ever need to re-install Backup Exec but still use the old database you won't be able to use the security information inisde the backed up BEDB and will probably need assistance to get to a point where you can re-enter the security information manually (which in practical terms means the Backup of your BEDB is not that useful)

 

 

mgmasterv2
Level 6
Partner Accredited

in my oponion BE only works in small organizations with simple network and 4-5 Tb of data but somthing more than that and with limited backup window dont count on BE just use Netbackup its faster and more stable than BE.

D_Corrigan
Level 3

Well all I know is that when I started the backup over the network it asked for the first key which was the passphrase one and would not proceed without it. When the backup was done it asked for the location of the .dak file and would not proceed without it.

I'm not sure about the why's and how's in the backend but from an end user standpoint trying to use the product in a real enviroment that is what actually happened.