Question on NetBackup and Hardware Tape Encryption
Hello. I recently had to supply "proof" that all backups on tape are encrypted. Since we are using HW encryption, I assumed getting that from the Tape library configuration (Quantum i6). However, that shows encryption being disabled on all drives. I then ran an "images on tape" report for a few arbitrary tapes and saw that the Encryption column was "yes" and the "Encryption key" was populated. So I know that the data is encrypted. I do not have the "Encrypt" attribute turned on, on any policies. So the question is: who is encrypting the data on tape? Quantum is telling me it has to be NB since their admin console shows encryption disabled. I suspect the "disabled" may refer to the Key Management since we do not use Quantum's key management...we use NB KMS (but I did not want to argue with the engineer). When I researched this on Veritas site, I get directed to the Security and Encryption Guide, which outlines how to set up KMS. The section on Encryption options points me back to Quantum since I am using "Third-party encryption appliances and hardware devices". Any insights on this would be appreciated.
Solved · 3.9K views · 0 likes · 7 comments

Duplicating a hardware encrypted tape to an unencrypted tape
I have an LTO5 tape that has been backed up with hardware encryption. It has a variety of different types of backup sessions (flat files, MS SQL servers, MS Exchange) and I've been given the passphrase, so I've re-created the key and can pull off the flat files without any issue. The client has asked me to create an unencrypted version of the tape (they wish to use various 3rd party tools to extract the SQL and MS Exchange backups), and I've tried doing this with the duplication function, but I can't get it to work. I have a second tape drive in which I've mounted a freshly erased and labelled LTO5. When I try duplicating the original sessions from the encrypted tape onto it, I'm given the option of types of encryption (I chose none) but BE is switching on hardware encryption on the target drive anyway. This is regardless of whether I use DirectCopy, or choose to actually have encryption (which then gives me the option of choosing which key to use). Any ideas? Is there some option or other hidden deep in the bowels of BE that's telling it to encrypt everything it writes to tape by default?
3.7K views · 0 likes · 11 comments

Restore encrypted SQL database on another server
Hi folks! Recently we applied TDE (Transparent Data Encryption) on some of our SQL databases on an SQL server. NetBackup policies keep working trouble-free both for Full and Incremental Backups. Now, we need to perform a restore of one of these databases onto another SQL server where the TDE has been applied as well. I try to make the restore but I got the error with status 2828. Can someone guide me on how to do the restore? Thank you all in advance for the support.
Solved · 3.3K views · 0 likes · 3 comments

MSDP encryption
Dear all, I really need your help regarding MSDP encryption, and I am confused about all that I read on the subject. What are my options to encrypt my deduplicated data on MSDP? We have NetBackup appliance 8.1.1. I understand that I have two options:

MSDP native encryption:
- Backup encrypt: For backups, the deduplication plug-in encrypts the data after it is deduplicated. The MSDP pd.conf file ENCRYPTION parameter controls backup encryption for individual hosts.
- Duplication and replication encryption: The deduplication plug-in on MSDP servers encrypts the data for transfer. The data is encrypted during transfer from the plug-in to the NetBackup Deduplication Engine on the target storage server and remains encrypted on the target storage.
https://www.veritas.com/support/en_US/doc/25074086-127355784-0/v95643059-127355784

My questions:
- For MSDP encryption, how does it work? How are keys generated and where are they stored (on the client, in the MSDP catalog, on the file system)? How to secure these keys?
- We are already backing up data, which means my segments of data are not encrypted. If I activate encryption on my clients, my new segments of data will be encrypted but not the old ones? Am I right? Is there any solution to backup old data?

KMS with MSDP (available since version 8.1.1): I don't find much information on KMS for MSDP encryption. All I know is that it is possible since version 8.1.1 => https://www.veritas.com/support/en_US/doc/25074086-130388296-0/v130236116-130388296 KMS should be activated during the storage creation. Which means to use KMS and encrypt all my data, I should restart backing up all my data. Do you confirm? Have you any information on this?

To sum up, I found the documentation really confusing and I really need your help. Are you using encryption? What are you using for it? Thank you so much for helping, Regards
2.2K views · 0 likes · 1 comment

Backup Exec 2010 R2 - Tape ejects on catalog / restore / backup
Hi, We currently have Backup Exec 2010 R2 running at two sites: a production site and a DR site. Tapes are backed up at the production site and encrypted on an LTO4 auto loader (hardware 256-bit AES). When trying to catalog or restore data at the DR site using a standalone LTO4 drive, Backup Exec is just ejecting the media. I suspect this is due to encryption. I have set up the encryption key on the DR install of Backup Exec but suspect it is not working. Does anyone have any ideas what could be going on? Cheers.
Solved · 2.1K views · 0 likes · 15 comments

NBU 9.x / 10.x Tape storage encryption with IBM ts4500 library
Dear Team, We have NBU 9.1.0.1 master server on RHEL with Flex5250 appliances as media server. We are refreshing our tape library hardware with IBM TS4500 library with ts1160 drives. We would like to enable tape storage encryption via NetBackup. On the IBM library, we have 2 options:
1. Application managed encryption (AME), if NetBackup generates and manages encryption policies and keys.
2. Library managed encryption (LME): encryption transparent to the backup software, i.e. NetBackup.
Does NetBackup support both methods? Do we have any documentation around this? Does anyone have experience setting this up?
1.4K views · 0 likes · 5 comments

[closed] Block level backup of encrypted VM
Hello, We have encrypted our VM through the VM encryption module provided by VMware since version 6.5. As it is not supported by BE 16, we are now doing file level backup. Is there any news regarding an update of BE 16 that will allow block level backup with encrypted VM?
1.3K views · 0 likes · 1 comment

Hardware Encrypted Tape
Hi, I have a site that will be closing that uses a Spectra Logic library with encryption key set. I was wondering what is the best procedure to reuse the tapes in our other libraries: is it a case of importing the old site library key into the other library, or can I create a volume pool and place these in the library and run a relabel or erase on each tape? Apologies if this is in the incorrect forum; if the admin can move it to the right one it would be appreciated. Many thanks, Kev
Solved · 1.1K views · 0 likes · 2 comments

dlo user data always encrypted
I'm trying to set up DLO 2010R2 to NOT encrypt user's data when it is backed up to the network. I have disabled encryption under tools->options and also in the selection list under the profile. I am able to restore encrypted files using the recovery password but I would like to disable encryption completely. Thanks in advance, Udi
963 views · 0 likes · 2 comments