06-21-2012 02:53 PM
Hello experts.
I am attempting to enable encryption on my backup policy and am trying to figure out how to do this. Do I need to install a certificate onto the client, or is something pushed from the server? I am looking through the manuals but am unable to find the solution. Can someone please advise how this should be done?
I have a couple policies, from before I arrived, that have encrytion enabled, and the policies client has encryption required, so I presume the server is configured and it is the client that I need to configure.
The server and client are both Windows with the server running NBU 6.5.6.
This is all very new to me and I am trying to teach myself how to do it, so I appreciate all responses that are as simple to follow as possible.
Thanks very much!
Solved! Go to Solution.
06-21-2012 05:15 PM
FYI: Key creation procedure is documented in "NetBackup Security and Encryption Guide", and this technote.
http://www.symantec.com/docs/HOWTO46797
In your case(Windows client), all you have to do later is to check Encryption in Policy Attributes tab.
For UNIX/Linux clients with NetBackup 6.x or prior, Client Encryptio Option module must be installed first.
Check Encryption tab in Client Properties if job of backup policy with encryption failed.
06-21-2012 04:28 PM
A key file needs to be created on the client.
From the command line: bpkeyutil -clients <client>
Enter new NetBackup pass phrase: ********************
Re-enter new NetBackup pass phrase: ********************
06-21-2012 05:15 PM
FYI: Key creation procedure is documented in "NetBackup Security and Encryption Guide", and this technote.
http://www.symantec.com/docs/HOWTO46797
In your case(Windows client), all you have to do later is to check Encryption in Policy Attributes tab.
For UNIX/Linux clients with NetBackup 6.x or prior, Client Encryptio Option module must be installed first.
Check Encryption tab in Client Properties if job of backup policy with encryption failed.
06-21-2012 11:58 PM
Have you considered Netbackup KMS - This is tape drive based encryption based on the T10 standard.
Data will remain unencrypted until data is written to tape. Here the tape drive will encrypt the data with AES 256bit. LTO4 and up support tape based encryption.
Advantage: No CPU impact on client or media servers. Data is still compressible since the tape drives will compress first and then encrypt.
See more at : http://www.symantec.com/docs/HOWTO46814