MSDP encryption
Dear all, I really need your help regarding MSDP encryption. And I am confused about all what I read on the subject. What are my options to encrypt my deduplicated data on MSDP ? We have Netbackup appliance 8.1.1. I understand that I have two options: MSDP native encryption: -backup encrypt:For backups, the deduplication plug-in encrypts the data after it is deduplicated.The MSDPpd.conffileENCRYPTIONparameter controls backup encryption for individual hosts -Duplication and replication encryption :the deduplication plug-in on MSDP servers encrypts the data for transfer. The data is encrypted during transfer from the plug-in to the NetBackup Deduplication Engine on the target storage server and remains encrypted on the target storage. https://www.veritas.com/support/en_US/doc/25074086-127355784-0/v95643059-127355784 My questions: - For MSDP encryption, how it works ? how keys are generated and where are stored(on the client, in the MSDP catalog? file system ?) How to secure these keys ? - We are already backuping data. which means my segments of data are not encrypted. If I activate encryption on my clients, my new segments of data will be encrypted but not the old one ? Am I right ? Is there any solution to backup old data ? KMS with MSDP (available since version 8.1.1): I don't find much information on KMS for MSDP encyption. All I know that it is possible since version 8.1.1 =>https://www.veritas.com/support/en_US/doc/25074086-130388296-0/v130236116-130388296 KMS should be activated during the storage creation. Which means to use KMS and encrypt all my data. I shoul restart backuping all my data. Do you confirm ? have you any information on this ? To sum up, I found the documentation really confusing and I really need your help. Are you using encryption ? What are using for it ? Thank you so much for helping, Regards2.2KViews0likes1Comment