Q: Does Vaulting Encrypted Data to Encrypted Tape Pools Create a double-encrypted backup?

BackupTheFuture
Level 3

NetBackup version 6.5.6 on Solaris 10

Scenario:

A policy writes to a disk pool, which gets staged to an encrypted tape pool (ENCR_onsite). A vault policy then comes along and vaults the data from ENCR_onsite to a pool called ENCR_offsite.

Question

a) Does the data on ENCR_onsite, now vaulted to ENCR_offsite, become double-encrypted when it goes to ENCR_offsite?

b) Does the data on ENCR_onsite get decrypted as it is vaulted to ENCR_offsite, where it is re-encrypted with the keys for ENCR_offsite?

If a) happens, I would assume NetBackup cannot understand how to double-un-encrypt the data, correct?

Thanks.

Rob

 

1 ACCEPTED SOLUTION

Nicolai
Moderator
Partner    VIP   

A: No. Data read off an encrypted tape will be decrypted before being sent off to the host.

B: Yes

Yes - you are correct. Take a look at the T/N below. If double encryption were possible, NetBackup would need to store multiple Key Tags for a single backup image. It does not - only one key tag - and so it is not possible to use double encryption with NBU KMS.

http://www.symantec.com/docs/TECH127166 
