I have a problem about the MSEO(media server encryption option).
backup environment like below：
DC SITE(MAST BACKUP SITE)
Master server: SHAA2SNBU38
Media server: SHAA2SNBU38
first backup data to DD640,then vault to tape in i500.
DR SITE(DISASTER RECOVERY SITE)
Master server: SHAA2SNBU38(the same DC site master server)
Media server: SHAA5SNBU61
backup type like DC SITE
Now i have problem:
Vault to tape is through encryption by mseo(media server of SHAA2SNBU38).Then i take the tape to DR site and recovery the tape from media server(SHAA5SNBU61) successfully.But the site of DR(SHAA5SNBU61) is out of mseo agent. why it does sucessfully?
additional query:Recovery data what backup through MSEO must need media server installing MSEO agent?
Is the backup actually encrypted ?
If you look in the meso log you should see if it is really encrypted:
Another way to test, is take one of the backups on the Live site, stop mseo services and try to restore - it should fail. Restart mseo, restore agin and it should work.
If you want to use the MSEO encription at the other site, you have to install the MSEO agent. But it seems that MSEO is not working now.
check the logs and run the command "cgconfig list" to check if the devices have encription option enabled.
Do you use the DD as VTL or as OST (or nfs)?
I'm not sure if the MSEO is working with duplicated tapes. How do you enable the encription during the duplication?
If the cgconfig command shows that your drives are encreption enabled try to run a backup directly to i500 and see what will happen at the DR site.
One more question. What drive types you are using at the i500 and the i40?
Not sure where the log is on windows, just do a search on the mseo server for mseo.log
It is difficult to tell if iyt is encrypted, as mseo 'happens after' NBU - the easiest way is to stop the mseo services and try a restore.
Have you consider using Netbackup KMS (tape drived base encryption) insted of MSO ?
LTO4 and newer all support hardware encryption (MSO is software based encryption).
i want to which type of key combination use by veritas to encrypt or decrypt the file because I apply the key to decrypt it but it not happen and why it is doesnot ask for key while decrypting bkffile, why in veritas folder in driver no paste option available.
You need to start a new post clearly explaining what your issue is, as opposed to just adding to a thread several years old.
You have not explained what you are trying to do, what type of encryption you are using.
Using vertias tool I created a bkf encrypted file and I know the key and pass phrase of the file.
I m using this encrypted file for my project in which i have to decrypt the bkf file using algo through project not any third party tool and save it but when i use key or pass phrase to decrypt it it not possible , so i want to know which algo veritas using to decrypt the bkf file because when i decrypt it through veritas it does not ask for key and for same file same key encrypted data is different, so can you tell me what procedure veritas usage to decrypt the bkf file or which type of key combination it usage to decrypt it.
How are you using the "veritas tool" to encrypt a file? This doesn't really make sense as NetBackup encrypts backups not files. Also depending on the where the encryption is being implemented by NetBackup will vary how the process is done (for instance encryption to tape is performed differently to encrytion to MSDP).
If you explain what it is you have encrypted and how (provide commands used, or explain the process you used) then maybe we can help.
Thanks for replying me, I m using a TAPE file and the process is I take a backup of bkf file and then give a command to encrypted it and where i get to choose option for 128 or 256 and key, pass phrase after apply all the procedure i encrypted my bkf file. So i just want how to decrypt that file data using another tool which key combination will be used, because when i m using key or pass phrase to decrypt it did not give the desired result