01-13-2014 09:45 AM
when i tried to create a new encryption key on NBU master (7.5.0.6), i got an error message saying "reach the encryption key maximum". this is the first time we see that. we have two encryption keys applied (encryption (legacy DES-40-bit), encryption (legace DES-56-bit)). do we have to buy more and how VERITAS count the encryption keys? we are using the encryption for all of our tape drives. usually we create a new key every new quarter, looks so far we have 7 keys created.
thanks in advance.
Solved! Go to Solution.
01-13-2014 11:33 AM
So just to confim, are you using MESO or KMS?
If KMS, what states are your other 7 keys in, (ie. active, inactive, depreciated,...)?
Netbackup has a Maximum of 20 Key Groups (ability to encrypt a total of 20 volume and/or disk pools) with 10 encryption keys per group (In NetBackup 7.6, a maximum number of 100 key groups will be supported.)
01-13-2014 11:33 AM
So just to confim, are you using MESO or KMS?
If KMS, what states are your other 7 keys in, (ie. active, inactive, depreciated,...)?
Netbackup has a Maximum of 20 Key Groups (ability to encrypt a total of 20 volume and/or disk pools) with 10 encryption keys per group (In NetBackup 7.6, a maximum number of 100 key groups will be supported.)
01-13-2014 11:44 AM
thanks for your information, Sym Terry.
Here is my detailed information and further questions.
KMS.
Two key groups, each group has one active key.
I think i may reach 10 keys on existing group. should i create a new group? will the restore still work on previous group?
thanks
01-14-2014 12:13 AM
NBU KMS uses AES256 af default encryption schema. There is a mismatch when you state the use of DES-40-bit or DES-56-bit.
The maximum length of a encryption keys in NBU KMS is 1024 charters. You can list the keys in a keygroup using below command:
nbkmsutil -listkeys -kgname ENCR_acme
All KMS encrypted volume pool need the ENCR_ prefix
01-14-2014 12:37 AM
Regarding KMS group. A new KMS group will point to a new ENCR_ volume pool.
Please consult the Security and encryption guide:
http://www.symantec.com/docs/DOC5185