cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Need some help with KMS, status 9

Go to solution
Oddman
Level 2

‎12-23-2013 08:56 AM

Hi All,

Hope anyone can help me.

Running Windows Server 2008 R2 SP1 x64 and NetBackUp 7.5.0.1 with a Dell ML6000 (IBM Ultrium TD3 SCSI tape drives)

I want to do server side encryption, so I configured KMS (correctly?) and ticked the box "Encryption" in the policy.

But why does this job always fails with "status 9: a necessary extension package is not installed or not configured properly"?

Regards,

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Mark_Solutions
Level 6
Partner Accredited Certified

‎12-24-2013 01:38 AM

From the Security and Encryption Guide:

About the Key Management Service (KMS)
The NetBackup Key Management Service (KMS) feature is included as part of the
NetBackup Enterprise Server and NetBackup Server software.Anadditional license
is not required to use this functionality. KMS runs on NetBackup and is a master
server-based symmetric Key Management Service. The KMS manages symmetric
cryptography keys for the tape drives that conform to the T10 standard (LTO4).
KMS has been designed to use volume pool-based tape encryption. KMS is used
with the tape hardware that has a built-in hardware encryption capability. An
example of a tape drive that has built-in encryption is the IBM ULTRIUM TD4
cartridge drive. KMS is also used with disk volumes associated with NetBackup
AdvancedDisk storage solutions. KMS runs with Cloud storage providers. KMS
runs on Windows and UNIX. KMS generates keys from your passcodes or it
auto-generates keys. The KMS operations are done through the KMS command
line interface (CLI) or the Cloud Storage Server Configuration Wizard (when KMS
is used with Cloud storage providers). The CLI options are available for use with
both nbms and bmkmsutil.
KMS has a minimal effect on existing NetBackup operation system management
and yet provides a foundation for future Key Management Service enhancements

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
Mark_Solutions
Level 6
Partner Accredited Certified

‎12-23-2013 09:02 AM

If your drives are SCSI then you cannot use KMS - only enabled drives will work - a selected few Fibre and SAS attached LTO4/5/6 drives

So your error will be caused by your tape drives not actually supporting encryption

See the hardware compatibility list for full details - the encryption and security section:

http://www.symantec.com/docs/TECH76495

0 Kudos

Go to solution
Will_Restore
Level 6

‎12-23-2013 09:07 AM

See Marianne's solution in this older thread:

https://www-secure.symantec.com/connect/forums/error-end-writing-necessary-extension-package-not-installed-or-not-configured-properly-9

 

0 Kudos

Go to solution
RamNagalla
Moderator
Moderator
Partner    VIP    Certified

‎12-23-2013 09:13 AM

Did you push the encryption binaries to the client

follow the tech note to get this configured successfully

http://www.symantec.com/business/support/index?page=content&id=TECH72130

0 Kudos

Go to solution
Oddman
Level 2

‎12-23-2013 09:33 AM

@ wr & Nagalla,

Thank you for your reply but I do not want to use client side encryption.Only want the data written to tape to be encrypted, not transfered encrypted over the network.

@ Mark_Solutions. Why must the tape drive support encryption? Thought that the data would be encrypted on the server and then be writting to tape.

 

0 Kudos

Go to solution
Mark_Solutions
Level 6
Partner Accredited Certified

‎12-24-2013 01:38 AM

From the Security and Encryption Guide:

About the Key Management Service (KMS)
The NetBackup Key Management Service (KMS) feature is included as part of the
NetBackup Enterprise Server and NetBackup Server software.Anadditional license
is not required to use this functionality. KMS runs on NetBackup and is a master
server-based symmetric Key Management Service. The KMS manages symmetric
cryptography keys for the tape drives that conform to the T10 standard (LTO4).
KMS has been designed to use volume pool-based tape encryption. KMS is used
with the tape hardware that has a built-in hardware encryption capability. An
example of a tape drive that has built-in encryption is the IBM ULTRIUM TD4
cartridge drive. KMS is also used with disk volumes associated with NetBackup
AdvancedDisk storage solutions. KMS runs with Cloud storage providers. KMS
runs on Windows and UNIX. KMS generates keys from your passcodes or it
auto-generates keys. The KMS operations are done through the KMS command
line interface (CLI) or the Cloud Storage Server Configuration Wizard (when KMS
is used with Cloud storage providers). The CLI options are available for use with
both nbms and bmkmsutil.
KMS has a minimal effect on existing NetBackup operation system management
and yet provides a foundation for future Key Management Service enhancements

0 Kudos

Go to solution
Oddman
Level 2

‎12-24-2013 01:51 AM

Thank you very much Mark_Solutions. I'll upgrade the drives.

Regards

0 Kudos

Go to solution
Mark_Solutions
Level 6
Partner Accredited Certified

‎12-24-2013 01:56 AM

You are welcome - have a good Xmas

0 Kudos