LTO4 encryption key management in netbackup?

rhatguy
Level 3
There are a number of options out there for encryption key management these days (specifically for the hardware LTO4 encryption). Does anyone know if/when Veritas/NetBackup is planning to offer built-in key management? It seems like a logical thing to integrate into the backup application. Anyone heard any rumors?
4 REPLIES

ahlip
Level 5
Not in the immediate future. Media server encryption at the software layer is still the most recommended solution.

rhatguy
Level 3
Bringing an old thread back to life. I see there are a number of people on the board now using native LTO4 encryption and we're looking further into this at this point. As NetBackup still doesn't have any key management built in, what EKM are you guys using? Does anyone have any experience switching EKMs with LTO4? I see IBM has a Java-based EKM but wonder if we later switched to a different EKM if the keys could be imported?

Ron_Cohn
Level 6
Just touching this thread to keep it current.  Does anyone at Symantec know if the future roadmap has NetBackup passing the encryption keys to the LTO-4 device?

cmumma
Level 3
As I understood it, this feature is available in 6.5.2:

"The Key Management Service (KMS) feature runs on NetBackup 6.5.2 and is a master server based symmetric key management service that manages symmetric cryptography keys for tape drives that conform to the T10 standard (LTO4). KMS has been designed to use volume pool based tape encryption. KMS is used with tape hardware that has built-in hardware encryption capability. An example tape drive with built-in encryption is the IBM ULTRIUM TD4 cartridge drive. KMS runs on Windows and UNIX. KMS generates keys from your passcodes or auto-generates keys. KMS operations are done through the KMS Command Line Interface (CLI). The CLI options are available for use with both nbms and bmkmsutil.

KMS has a minimal impact on existing NetBackup operation system management and yet provides a foundation for future Key Management Service enhancements. The initial release of KMS has a limited feature set in this 6.5.2 unlicensed version with a limited number of key groups and key records for each key group."