cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

NetBackup and Client side Encryption

Go to solution
AAnotherUser__
Level 2

‎02-17-2015 02:34 AM

Hello

Can someone please help me with the following question.

We have NetBackup version 7.6.0.3

I have a physical Server (Windows Server 2012 R2) which I want to backup

As there is sensative data on this Server I want to 'encrypt the backup'

Ideally I also want to be able to perform a bare metal restore of the Server should it fail completley

I want to backup to disk (e.g. disk pool) not tape

I watched a view videos on youtube, and it said use 'client' side encryption and compression before sending the data across to the Netbackup Server to be stored on disk. This is OK I can use client side encryption and compression as the backup will happen over night.

However my questions are

1:

if the client is doing the encryption, where are the encryption keys stored which will be require to decrupt the data when a restore is required? For example of the keys are stored on the Server being backed up, then is the Server fails I will not be able to restore the backup to another Server as the keys will be lost along with the Server.

2: If I can use client side encryption and compression to do my backup, does this configuration support bare metal restore of the Server, should the Server fail completley

3: Where can I download an eval of Netbackup 7.6.0.3 to test this in a lab before trying it in production as although we have license keys there are for the copy of NetBackup being used in production.

 

Thanks all in advance

AAnotherUser__

 

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   

‎02-17-2015 02:45 AM

Client side encryption is very weak - only 56bit. 

Please consider either MSEO (Media Server Encryption) or NBU KMS (Tape or disk based encryption). The downside of both are encryption appear outside the client.

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   

‎02-17-2015 02:45 AM

Client side encryption is very weak - only 56bit. 

Please consider either MSEO (Media Server Encryption) or NBU KMS (Tape or disk based encryption). The downside of both are encryption appear outside the client.

0 Kudos

Go to solution
Yasuhisa_Ishika
Level 6
Partner Accredited Certified

‎02-17-2015 11:19 PM

Key for Client Encpryption is stored in each client.

Encpryption and Collect disaster recovery information for bare metal restore attribute is exclusive. If you enable one, another is grayed out in Policy Attributes tab.

To obtain  evaluation key, contact your local resaller or Symantec.

0 Kudos

Go to solution
Marianne
Level 6
Partner    VIP    Accredited Certified

‎03-09-2015 02:50 AM

My 2c:

BMR and Client-Encryption cannot be used in the same policy.

When you select BMR in policy configuration, the encryption option is automatically disabled.

Some old (but still valid) TNs:

http://www.symantec.com/docs/TECH72130 

http://www.symantec.com/docs/TECH56759 


Handy NetBackup Links
0 Kudos

Go to solution
AAnotherUser__
Level 2

‎05-04-2015 11:20 PM

Thanks very much for the replies :)

 

AAnotherUser__

0 Kudos