03-31-2013 01:06 AM
Hello,
Encrypted backup using kms on tapes sent to off-site library
what are the requirements for restoring these backup to local site ?
Thanks
Sara
Solved! Go to Solution.
03-31-2013 01:41 AM
are you saying , you would like to recover the tape with different master server which is in local site?
if yes, you would need to import the ecncription keys..
see the tech note below
http://www.symantec.com/business/support/index?page=content&id=TECH143390
below is just from Tech note
http://www.symantec.com/business/support/index?page=content&id=TECH68876
KMS is the NetBackup Key Management Service. It can manage encryption keys for use by tape drives with built in hardware encryption.
Keys are created in the KMS database. When a backup to a tape from an encryption pool (pool name begins ENCR) is made, bptm requests the key from the key management service (nbkms) and passes it to the tape drive to encrypt the backup.
On restore, a key tag is read from the tape by bptm and the associated key is fetched from the nbkms service and passed to the drive so decryption can occur.
03-31-2013 01:41 AM
are you saying , you would like to recover the tape with different master server which is in local site?
if yes, you would need to import the ecncription keys..
see the tech note below
http://www.symantec.com/business/support/index?page=content&id=TECH143390
below is just from Tech note
http://www.symantec.com/business/support/index?page=content&id=TECH68876
KMS is the NetBackup Key Management Service. It can manage encryption keys for use by tape drives with built in hardware encryption.
Keys are created in the KMS database. When a backup to a tape from an encryption pool (pool name begins ENCR) is made, bptm requests the key from the key management service (nbkms) and passes it to the tape drive to encrypt the backup.
On restore, a key tag is read from the tape by bptm and the associated key is fetched from the nbkms service and passed to the drive so decryption can occur.
03-31-2013 02:31 AM
If you configure the "remote KMS master server" with the same keys as the local you should ready to go.
If not already done, you should have stored the passphrase for Host Master Key (HMK), Key Protection Key (KPK), Key group in a safe place. Using thease passphrase will enable you to creater the same key group on the "remote" master server.
http://www.symantec.com/docs/TECH67972