Solved: NetBackup KMS between DC-DR

V4 · ‎10-01-2013

Hi Connect

How KMS works and design should be considered for NBU at DC and DR

NBU is on solaris SPARC on DC and DR (same system config)

Hostnames are different at DC-DR.

From Sec-Encryption admin guide we have options available of recovering keys from data files and passphrases /passcodes. But how do we setup automated process of key and key groups and other KMS details to sync with DR KMS server

KMS is not backed up as a part of catalog, hence it must be quieced (for consistent copy) and then must be backed up (either using NBU or other methods of copy, writing to CD/DVD or USB etc.)

Can AIR help in this, if so how.

Pls share your views on same.

Nicolai · ‎10-01-2013

Well AIR will not designed directly to solve the issue. If you make the master a client of another master server, and create bpstart_notify/bpend_notify script and backup the KMS to unencrypted store, it should work.

Else copy the backup of the KMS to the DR master server using rsync and crontab. It's dead simple.

You should always be in control of what pass-phrases being used. You can loose the KMS database and re-create it with the pass-phrases being used. Alternative write a governance procedure for the use of encryption.

View solution in original post

Nicolai · ‎10-01-2013

Well AIR will not designed directly to solve the issue. If you make the master a client of another master server, and create bpstart_notify/bpend_notify script and backup the KMS to unencrypted store, it should work.

Else copy the backup of the KMS to the DR master server using rsync and crontab. It's dead simple.

You should always be in control of what pass-phrases being used. You can loose the KMS database and re-create it with the pass-phrases being used. Alternative write a governance procedure for the use of encryption.

VOX

NetBackup KMS between DC-DR