10-03-2016 08:03 AM
I recently configured NetBackup KMS on two appliances both production and DR sites. I was able to restore data from each site successfully.
I attempted a restore of data from media that was backed up in Production to restore in DR using the following steps:
10-04-2016 03:44 AM
Plese refer to page 310 in the security and ecncryption guide
http://www.veritas.com/docs/000004642
The key need to be in either active or inactive state in order to read encrypted data. Pleasee check the state of the imported key
From the above mentioned document:
Note: Keys can be created in either the prelive state or the active state. Active key records are available for both backup and restore operations. An inactive key is only available for restore operations. Deprecated keys are not available for use. If your key record is in the deprecated state and you attempt to do a backup or restore with that key record, it can fail. A key record that is in the terminated state can be removed from the system
10-04-2016 04:37 AM
@KSachaB please always quote the document or URL where you copy & paste from. e.g.
http://www.veritas.com/docs/000009714
10-04-2016 05:20 AM
The key is in an active state. One question though. If i need only one key from Production in DR do I need to copy the following files to DR?
KMS_DATA.dat (DATA file) is located in the /kms/db/ directory
KMS_HMKF.dat (HMKF file) is located in the /kms/key/ directory
10-05-2016 03:30 AM
No - you should not copy those files, as you will loose the keys defined in the DR KMS database (if any).
I recommend follwing the best pratices outlined in :
http://www.veritas.com/docs/000009714
Please consider to use well known passphrases (stored in a safe place), then is just a qustion of re-creating the keys without copying KMS files forth and back.
10-05-2016 05:04 AM
I did follow the recommended article. Every step. Not sure what went wrong. When I do listkeys on DR it is the same as in Production.