I recently configured NetBackup KMS on two appliances, at both production and DR sites. I was able to restore data from each site successfully.
I attempted a restore of data from media that was backed up in Production to restore in DR using the following steps:
Please refer to page 310 in the security and encryption guide.
The key needs to be in either the active or inactive state in order to read encrypted data. Please check the state of the imported key.
From the above mentioned document:
Note: Keys can be created in either the prelive state or the active state. Active key records are available for both backup and restore operations. An inactive key is only available for restore operations. Deprecated keys are not available for use. If your key record is in the deprecated state and you attempt to do a backup or restore with that key record, it can fail. A key record that is in the terminated state can be removed from the system.
The key is in an active state. One question though. If I need only one key from Production in DR, do I need to copy the following files to DR?
KMS_DATA.dat (DATA file) is located in the /kms/db/ directory
KMS_HMKF.dat (HMKF file) is located in the /kms/key/ directory
No - you should not copy those files, as you will lose the keys defined in the DR KMS database (if any).
I recommend following the best practices outlined in:
Please consider using well-known passphrases (stored in a safe place); then it is just a question of re-creating the keys without copying KMS files back and forth.