cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Import KMS-files to a new NetBackup Master Server with already imported old catalog (NetBackup 8.2)

Go to solution
Didi7
Level 4

‎10-25-2023 06:07 AM

Hello, I need to restore virtual machines located on tape media that was encrypted with KMS. We have the following files available ...

db\KMS_DATA.dat

key\KMS_HMKF.dat

key\KMS_KPKF.dat

Is it true, that those files just need to be copied to the right place (the question is where is this place on a NetBackup server running on a Windows Server system?) and the 'NetBackup Key Management Service' needs to be started or are there other things to be considered?

Thanks in advance for any reply.

 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   

‎10-25-2023 07:24 AM

Hi @Didi7 

Guidance can be found in Veritas NetBackup™ Security and Encryption Guide

About recovering KMS by restoring all data files

If you have made backup copies of the KMS_DATA.dat, KMS_HMKF.dat, and KMS_KPKF.dat files, it is just a matter of restoring these three files. Then startup the nbkms service and the KMS system will be up and running again.

https://www.veritas.com/content/support/en_US/doc/21733320-127424841-0/v21635120-127424841

On Windows the location is : 

\Program Files\Veritas\kms\db\KMS_DATA.dat
\Program Files\Veritas\kms\key\KMS_HMKF.dat
\Program Files\Veritas\kms\key\KMS_KPKF.dat

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   

‎10-25-2023 07:24 AM

Hi @Didi7 

Guidance can be found in Veritas NetBackup™ Security and Encryption Guide

About recovering KMS by restoring all data files

If you have made backup copies of the KMS_DATA.dat, KMS_HMKF.dat, and KMS_KPKF.dat files, it is just a matter of restoring these three files. Then startup the nbkms service and the KMS system will be up and running again.

https://www.veritas.com/content/support/en_US/doc/21733320-127424841-0/v21635120-127424841

On Windows the location is : 

\Program Files\Veritas\kms\db\KMS_DATA.dat
\Program Files\Veritas\kms\key\KMS_HMKF.dat
\Program Files\Veritas\kms\key\KMS_KPKF.dat

0 Kudos

Go to solution
Didi7
Level 4

‎10-25-2023 10:38 AM

Hi Nicolai,

it really was as simple as that. Restores from encrpyted media is possible now. I read about it in another thread but nothing was mentioned about the path for the KMS files within a Windows Server environment.

Thank you for your prompt answer.

 

0 Kudos

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   
In response to Didi7

‎10-26-2023 12:48 AM

Hi @Didi7 

Glad I could help.

Word of advice. Pls make sure you protect (backup) the KMS files or the pass phrases KMS keys were generated by on a medium NOT encrypted by KMS. Else you truly have a catch 22

0 Kudos

Go to solution
Didi7
Level 4
In response to Nicolai

‎10-26-2023 01:19 AM - edited ‎10-26-2023 01:21 AM

Hello Nicolai,

KMS files, passphrases and the likes are safely protected on different systems and several times on tape media and even on USB sticks in a professional safe.

I assume KMS files don't change, as long as you do not change any passphrases?

The above mentioned server is just for restore purposes.

In the meantime I could successfully restore 3 VMs from 3 different encrypted tapes.

Regards

 

0 Kudos