NBU encryption keys

FlyMountain
Moderator, VIP

When I tried to create a new encryption key on the NBU master (7.5.0.6), I got an error message saying "reach the encryption key maximum". This is the first time we have seen that. We have two encryption keys applied (encryption (legacy DES-40-bit), encryption (legacy DES-56-bit)). Do we have to buy more, and how does VERITAS count the encryption keys? We are using the encryption for all of our tape drives. Usually we create a new key every new quarter; it looks like we have 7 keys created so far.

Thanks in advance.

Accepted Solutions

SymTerry
Level 6
Employee Accredited

So just to confirm, are you using MESO or KMS?

If KMS, what states are your other 7 keys in (i.e. active, inactive, deprecated, ...)?

NetBackup has a maximum of 20 key groups (ability to encrypt a total of 20 volume and/or disk pools) with 10 encryption keys per group. (In NetBackup 7.6, a maximum number of 100 key groups will be supported.)

FlyMountain
Moderator, VIP

Thanks for your information, SymTerry.

Here is my detailed information and further questions.

KMS.

Two key groups, each group has one active key.

I think I may reach 10 keys on the existing group. Should I create a new group? Will the restore still work on the previous group?

Thanks

Nicolai
Moderator, Partner, VIP

NBU KMS uses AES256 as the default encryption scheme. There is a mismatch when you state the use of DES-40-bit or DES-56-bit.

The maximum length of an encryption key in NBU KMS is 1024 characters. You can list the keys in a key group using the command below:

nbkmsutil -listkeys -kgname ENCR_acme

All KMS encrypted volume pools need the ENCR_ prefix.

 

Nicolai
Moderator, Partner, VIP

Regarding KMS group. A new KMS group will point to a new ENCR_ volume pool.

Please consult the Security and encryption guide:

http://www.symantec.com/docs/DOC5185
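
Added example (not part of the thread and not Veritas or Symantec code): a small shell helper that reads the output of the `nbkmsutil -listkeys -kgname ENCR_acme` command quoted above and reports how close the key group is to the 10-keys-per-group limit mentioned in the accepted answer, so a quarterly rotation does not fail unexpectedly. It assumes each key record in the listing carries a `Current State : <STATE>` line; the function names, the warning threshold and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: key-group headroom check for NetBackup KMS key rotation.
# ASSUMPTION: the listing has one "Current State : <STATE>" line per key
# record. Adjust the pattern if your nbkmsutil version prints differently.

MAX_KEYS_PER_GROUP=10   # per-group limit quoted in the thread
WARN_FREE=2             # hypothetical threshold: warn at 2 or fewer free slots

# kms_headroom: reads a key listing on stdin and prints one summary line:
#   total=<n> active=<n> free=<n> status=<OK|WARN|FULL>
kms_headroom() {
    awk -v max="$MAX_KEYS_PER_GROUP" -v warn="$WARN_FREE" '
        /^[ \t]*Current State[ \t]*:/ {
            state = $0
            sub(/^[^:]*:[ \t]*/, "", state)   # drop the field label
            sub(/[ \t\r]+$/, "", state)       # drop trailing whitespace / CR
            total++
            if (toupper(state) == "ACTIVE") active++
        }
        END {
            free = max - total
            if (free < 0) free = 0
            status = "OK"
            if (free <= warn) status = "WARN"
            if (free == 0)    status = "FULL"
            printf "total=%d active=%d free=%d status=%s\n", total, active, free, status
        }'
}

# Constructed sample listing (not real output; names and tags are placeholders).
sample_listing() {
cat <<'EOF'
Key Group Name : ENCR_acme
Key Tag        : <constructed-tag-1>
Key Name       : q1_key
Current State  : INACTIVE
Key Tag        : <constructed-tag-2>
Key Name       : q2_key
Current State  : INACTIVE
Key Tag        : <constructed-tag-3>
Key Name       : q3_key
Current State  : ACTIVE
EOF
}

# Demo on the constructed sample. On a master server, pipe the real command:
#   nbkmsutil -listkeys -kgname ENCR_acme | kms_headroom
sample_listing | kms_headroom
```

A `FULL` result means the next key creation in that group is expected to hit the limit described in the thread; keys from earlier quarters still count toward the total regardless of their state.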