Showing results for 
Search instead for 
Did you mean: 

Tape Level Encryption

Level 1

I'm using LTO-5 Ultrium RW tapes (3TB) with Symantec Netbackup version 7.7.3 and HP MSL4048. Is there anyway I can enable HW encryption (Tape Level Encryption)? Any assistance or documentation is greately appreciated. 


Level 6
Partner    VIP    Accredited Certified

Level 6
Employee Accredited

KMS - details are in the hardware and encryption guide.

I attached a simple guide to this post - it's just some persona notes I used when setting up KMS to assist coleagues.  The keynames etc would need to be changed to something suitable, but if you work through the steps you should end up with working KMS.

You can just re-create the KMS DB to blow it all away and start again if you wish.

Obviouly, if you are going to delete, be sure you haven't encrypted any 'real' backups.

I suggest that you set it up to test, learn how to backup the keys, delete them them recreate them and then test you can restore your test backup.  If you stop KMS, that is the easy way to check the tape is encrypted as the restopre will fail.

Encryption is easy, it's the key management that will get you ...

There are a couple of ways to recover keys, practive them all ...

Also, always manually create the passphrase, if NBU does it automatically you can't recreate the keys, and would have to rely on a backup.  Also, you cannot merge KMS DB onto another environment, so if you move tapes to another server, you have to 'recrete' the keys, if that new system runs KMS.