cancel
Showing results for 
Search instead for 
Did you mean: 

Encrypt option greyed out when creating a any Policy

Quad0
Level 2

Hello,

Currently running Netbackup 7.7 on RHEL6. I have configured KMS and the keys required. Created the ENCR_ with the keygroup name and the volume pool name the same. However, when this volume pool is chosen, the Encrypt option on the right is still greyed out. 

How can I encrypt the data being written to the media? 

I have tried to look through some of the docs here that others have posted in replies but majority of the relevant ones are all dead links or 404's. 

If someone could help me with this, I would really appreciate it.

Thank you.

Z.

5 REPLIES 5

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

@Quad0 

The Encryption option in Policy attributes is for NBU CLIENT encryption.
The client encrypts the data before sending to the media server.
This option is not available for all policy types.
Client Encryption is explained in NBU Admin Guide I.

It should NOT be combined with KMS encryption.

KMS encryption is explained in NBU Security and Encryption Guide. https://vox.veritas.com/t5/NetBackup/Netbackup-KMS-on-new-master/m-p/660266#M172439
Links to NBU manuals in 'Handy NBU Links' in my signature.

Please also read this excellent post by @mph999 :
https://vox.veritas.com/t5/NetBackup/Netbackup-KMS-on-new-master/m-p/660266#M172439

 

jnardello
Moderator
Moderator
   VIP    Certified
And while you're following @Marianne's reading instructions, don't forget to read up on how to back up your KMS database - and remember not to run it to the same ENCR_ volume pool, or you won't be able to restore it later on if your KMS is unavailable. =)

Hello,

Could you please elaborate a bit more when you say, "not to run it to the same ENCR_ volume pool"? 

Thank you.

Marianne,

Thank you so much for this thread. This has helped me so much.

I found that what I had setup was working ok, I was confused about the grey box which said Encrypt. I confirmed that my tape/data was being encrypted by looking under the:

Tape Reports, Images on Tape and searching for my media ID. 

This showed the key that it was using to encrypt my data! :)

Thanks once again. Now I know where to come for all things NetBackup! Hooray!!

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

@Quad0 wrote:

Hello,

Could you please elaborate a bit more when you say, "not to run it to the same ENCR_ volume pool"? 

Thank you.


It means "do not backup your KMS database to the ENCR_  pool".