KMS restore

SARA_8
Level 4

Hello,

Encrypted backups using KMS on tapes sent to an off-site library.

What are the requirements for restoring these backups to the local site?

Thanks

Sara

1 ACCEPTED SOLUTION

RamNagalla
Moderator
Partner    VIP    Certified

Are you saying you would like to recover the tape with a different master server, which is in the local site?

If yes, you would need to import the encryption keys.

See the tech note below:

http://www.symantec.com/business/support/index?page=content&id=TECH143390

Below is just from the tech note:

http://www.symantec.com/business/support/index?page=content&id=TECH68876

KMS is the NetBackup Key Management Service. It can manage encryption keys for use by tape drives with built-in hardware encryption.

Keys are created in the KMS database. When a backup to a tape from an encryption pool (pool name begins ENCR) is made, bptm requests the key from the key management service (nbkms) and passes it to the tape drive to encrypt the backup.

On restore, a key tag is read from the tape by bptm and the associated key is fetched from the nbkms service and passed to the drive so decryption can occur.

2 REPLIES

Nicolai
Moderator
Partner    VIP   

If you configure the "remote KMS master server" with the same keys as the local, you should be ready to go.

If not already done, you should have stored the passphrases for the Host Master Key (HMK), Key Protection Key (KPK), and key group in a safe place. Using these passphrases will enable you to create the same key group on the "remote" master server.

http://www.symantec.com/docs/TECH67972

Good links from Nagalla, yes.