12-12-2023 05:48 AM
I'm running Netbackup 8.1 I would like to enable client side encryption but ı couldnt do it.
I followed the instruction but the \NetBackup\crypt directory is not on my master server.
https://www.veritas.com/support/en_US/article.100021401
Solved! Go to Solution.
12-12-2023 06:16 AM - edited 12-12-2023 06:17 AM
Is client encryption the right choice for you ?
Have you considered tape drive encryption using NBU KMS ?. Encryption happens in hardware on the tape drives and hasn't any performance impact. You do need to save passphrase for the KMS encryption is a very safe place in case master server crashes.
12-12-2023 06:16 AM - edited 12-12-2023 06:17 AM
Is client encryption the right choice for you ?
Have you considered tape drive encryption using NBU KMS ?. Encryption happens in hardware on the tape drives and hasn't any performance impact. You do need to save passphrase for the KMS encryption is a very safe place in case master server crashes.
12-12-2023 06:27 AM
Thanks,
Can I disable it whenever I want, or can I only do it for the client I want?
12-13-2023 12:36 AM
hi @soolean
When KMS is configured, it will only encrypt data going to tape pool with the ENCR_ prefix. Meaning you can stop encrypting data on tape by sending backup images to a tape pool not prefixed with ENCR_
Be aware encryption is good at maintaining confidentiality , but if you looses the encryption keys - no matter what you type of encryption being deployed, you too loose access to data. A bit of study in the technical implementation is required.