06-11-2013 12:01 PM
NetBackup version 6.5.6 on Solaris 10
Scenario:
A policy writes to disk pool which gets staged to an encrypted tape pool (ENCR_onsite). A vault policy then comes along and vaults the data from ENCR_onsite to a pool called ENCR_offsite.
Question
a) Does the data on ENCR_onsite now vaulted to ENCR_offsite now become double-encrypted when it goes to ENCR_offsite?
b) Does the data on ENCR_onsite get decrypted as it vaulted to ENCR_offsite, where it is re-encrypted with the keys for ENCR_offsite?
If a) happens, I would assume NetBackup cannot understand how to double-un-encrypt the data, correct?
Thanks.
Rob
Solved! Go to Solution.
06-11-2013 02:09 PM
A: No. Data read off a encrypted tape will be decrypted before send off to the host.
B: Yes
Yes - you are correct. Take a look at T/N below. If a double encryption was possible Netbackup wold need to store multiple Key Tags for a single backup image. It does not - only one key tag - and so not possible to use double encryption with NBU KMS
http://www.symantec.com/docs/TECH127166
06-11-2013 02:09 PM
A: No. Data read off a encrypted tape will be decrypted before send off to the host.
B: Yes
Yes - you are correct. Take a look at T/N below. If a double encryption was possible Netbackup wold need to store multiple Key Tags for a single backup image. It does not - only one key tag - and so not possible to use double encryption with NBU KMS
http://www.symantec.com/docs/TECH127166