cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

configure NetBackup Client Encryption Option

Go to solution
soolean
Level 4

‎12-12-2023 05:48 AM


I'm running Netbackup 8.1    I would like to enable client side encryption but ı couldnt do it. 

I followed the instruction but the \NetBackup\crypt directory is not on my master server.

https://www.veritas.com/support/en_US/article.100021401

 

soolean_0-1702388854638.png

 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   

‎12-12-2023 06:16 AM - edited ‎12-12-2023 06:17 AM

Is client encryption the right choice for you ?

Have you considered tape drive encryption using NBU KMS  ?. Encryption happens in hardware on the tape drives and hasn't any performance impact. You do need to save passphrase for the KMS encryption is a very safe place in case master server crashes.

https://www.veritas.com/support/en_US/article.100020249

View solution in original post

3 REPLIES 3

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   

‎12-12-2023 06:16 AM - edited ‎12-12-2023 06:17 AM

Is client encryption the right choice for you ?

Have you considered tape drive encryption using NBU KMS  ?. Encryption happens in hardware on the tape drives and hasn't any performance impact. You do need to save passphrase for the KMS encryption is a very safe place in case master server crashes.

https://www.veritas.com/support/en_US/article.100020249

Go to solution
soolean
Level 4
In response to Nicolai

‎12-12-2023 06:27 AM

Thanks, 

Can I disable it whenever I want, or can I only do it for the client I want?

 

0 Kudos

Go to solution
Nicolai
Moderator
Moderator
Partner    VIP   

‎12-13-2023 12:36 AM

hi @soolean 

When KMS is configured, it will only encrypt data going to tape pool with the ENCR_ prefix. Meaning you can stop encrypting data on tape by sending backup images to a tape pool not prefixed with ENCR_

Be aware encryption is good at maintaining confidentiality , but if you looses the encryption keys - no matter what you type of encryption being deployed, you too loose access to data. A bit of study in the technical implementation is  required.

0 Kudos