cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Netbackup 8.1.2 and encryption on LTO7 drives

pnobels
Level 3

‎01-02-2020 07:04 AM

Hi,

we want to start using encryption on our Powervault LT4000 LTO7 drives.  I've been digging into some documentation but one thing is not clear.  I you use KMS, do you then also need the encryption licenses on the Powervault media libraries (i noticed on each Powervault admin menu you can add a license to enable encryption)?

Thx!

0 Kudos
2 REPLIES 2

davidmoline
Level 6
Employee

‎01-02-2020 06:33 PM

Hi There
If you use KMS you are right you do not need, nor should you obtain the encryption license for the powervault. 
If I'm not mistaken, the powervault encryption license enables the Powervault to manage encryption only (completly independantly of NetBackup).
KMS allows the native capability of the LTO7 drives to encrypt data written to tape. 
HTH

Nicolai
Moderator
Moderator
Partner    VIP   

‎01-03-2020 12:24 AM - edited ‎01-03-2020 04:54 AM

You definitive want to go with the Netbackup KMS option. It is relative straight forward setup and once configured, doesn't need any maintenance. Don't buy encryption license on a library level, if you replace the library you loose the option to restore data, whereas Netbackup KMS doesn't have that limitation.

That said - you need to think about how you will manage the encryption keys (passphrases). If the passphrase is static - no problem. But if you plan to change the passphrase faster than youre longest retention, then you will have to figure out how to match passphrases vs. time period manually. Netbackup doesn't help you here.

How to Export and Import Encryption Keys Using the NetBackup KMS
https://www.veritas.com/content/support/en_US/article.100003573