cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Configuring NBU client for encryption

Go to solution
joe-j
Level 4

‎06-21-2012 02:53 PM

Hello experts.

I am attempting to enable encryption on my backup policy and am trying to figure out how to do this.  Do I need to install a certificate onto the client, or is something pushed from the server?  I am looking through the manuals but am unable to find the solution.  Can someone please advise how this should be done?

I have a couple policies, from before I arrived, that have encrytion enabled, and the policies client has encryption required, so I presume the server is configured and it is the client that I need to configure.

The server and client are both Windows with the server running NBU 6.5.6.

This is all very new to me and I am trying to teach myself how to do it, so I appreciate all responses that are as simple to follow as possible.

Thanks very much!

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Yasuhisa_Ishika
Level 6
Partner Accredited Certified

‎06-21-2012 05:15 PM

FYI: Key creation procedure is documented in "NetBackup Security and Encryption Guide", and this technote.
http://www.symantec.com/docs/HOWTO46797

In your case(Windows client), all you have to do later is to check Encryption in Policy Attributes tab.
For UNIX/Linux clients with NetBackup 6.x or prior, Client Encryptio Option module must be installed first.

Check Encryption tab in Client Properties if job of backup policy with encryption failed.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
joe-j
Level 4

‎06-21-2012 04:28 PM

A key file needs to be created on the client.  

From the command line:  bpkeyutil -clients <client>
Enter new NetBackup pass phrase: ********************
Re-enter new NetBackup pass phrase: ********************
 

0 Kudos

Go to solution
Yasuhisa_Ishika
Level 6
Partner Accredited Certified

‎06-21-2012 05:15 PM

FYI: Key creation procedure is documented in "NetBackup Security and Encryption Guide", and this technote.
http://www.symantec.com/docs/HOWTO46797

In your case(Windows client), all you have to do later is to check Encryption in Policy Attributes tab.
For UNIX/Linux clients with NetBackup 6.x or prior, Client Encryptio Option module must be installed first.

Check Encryption tab in Client Properties if job of backup policy with encryption failed.

0 Kudos

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   

‎06-21-2012 11:58 PM

Have you considered Netbackup KMS - This is tape drive based encryption based on the T10 standard.

Data will remain unencrypted until data is written to tape. Here the tape drive will encrypt the data with AES 256bit. LTO4 and up support tape based encryption.

Advantage: No CPU impact on client or media servers. Data is still compressible since the tape drives will compress first and then encrypt.

See more at : http://www.symantec.com/docs/HOWTO46814

0 Kudos