02-17-2015 02:34 AM
Hello
Can someone please help me with the following question.
We have NetBackup version 7.6.0.3
I have a physical Server (Windows Server 2012 R2) which I want to backup
As there is sensative data on this Server I want to 'encrypt the backup'
Ideally I also want to be able to perform a bare metal restore of the Server should it fail completley
I want to backup to disk (e.g. disk pool) not tape
I watched a view videos on youtube, and it said use 'client' side encryption and compression before sending the data across to the Netbackup Server to be stored on disk. This is OK I can use client side encryption and compression as the backup will happen over night.
However my questions are
1:
if the client is doing the encryption, where are the encryption keys stored which will be require to decrupt the data when a restore is required? For example of the keys are stored on the Server being backed up, then is the Server fails I will not be able to restore the backup to another Server as the keys will be lost along with the Server.
2: If I can use client side encryption and compression to do my backup, does this configuration support bare metal restore of the Server, should the Server fail completley
3: Where can I download an eval of Netbackup 7.6.0.3 to test this in a lab before trying it in production as although we have license keys there are for the copy of NetBackup being used in production.
Thanks all in advance
AAnotherUser__
Solved! Go to Solution.
02-17-2015 02:45 AM
Client side encryption is very weak - only 56bit.
Please consider either MSEO (Media Server Encryption) or NBU KMS (Tape or disk based encryption). The downside of both are encryption appear outside the client.
02-17-2015 02:45 AM
Client side encryption is very weak - only 56bit.
Please consider either MSEO (Media Server Encryption) or NBU KMS (Tape or disk based encryption). The downside of both are encryption appear outside the client.
02-17-2015 11:19 PM
Key for Client Encpryption is stored in each client.
Encpryption and Collect disaster recovery information for bare metal restore attribute is exclusive. If you enable one, another is grayed out in Policy Attributes tab.
To obtain evaluation key, contact your local resaller or Symantec.
03-09-2015 02:50 AM
My 2c:
BMR and Client-Encryption cannot be used in the same policy.
When you select BMR in policy configuration, the encryption option is automatically disabled.
Some old (but still valid) TNs:
05-04-2015 11:20 PM
Thanks very much for the replies :)
AAnotherUser__