Encryption in netbackup MSDP multi-domain
Hello All, Looking to enable encryption on Netbackup MSDP multi domain. Does this supported by Netbackup? Also can we enable encryption on Media server where storage server is seprated from media server ? As per my understanding we have to enable encryption on both servers661Views0likes1CommentNBU 9.x / 10.x Tape storage encryption with IBM ts4500 library
Dear Team We have NBU 9.1.0.1 master server on RHEL with Flex5250 appliances as media server. We are refreshing our tape library hardware with IBM TS4500 library with ts1160 drives We would like to enable tape storage encryption via netbackup . On the IBM library , we have 2 options 1. Application managed encryption ( AME ) .if the netbackup generates and manages encryption policies and keys 2. Library managed encryption (LME ) . encryption transparent to Backup software . ie Netbackup Does netbackup support both methods ? do we have any documentation around this ? does anyone have experience setting this up ?1.4KViews0likes5CommentsQuestion on NetBackup and Hardware Tape Encryption
Hello. I recently had to supply "proof" that all backups on tape are encrypted. Since we are using HW encryption, I assumed getting that from the Tape library configuration (Quantum i6). However, that shows encryption being disabled on all drives. I then ran an "images on tape" report for a few arbitrary tapes and saw that the Encryption column was "yes" and the Encryption key" was populated. So I know that the data is encrypted. I do not have the "Ecrypt" attribute turned on, on any policies. So the question is: who is encrypting the data on tape? Quantum is telling me it has to be NB since encryption their admin console shows encryption disabled. I suspect the "disabled" may refer to the Key Management since we do not use Quantum's key management...we use NB KMS (but I did not want to argue with the engineer). When I researched this on Veritas site, I get directed to the Security and Encryption Guide, which outlines how to setup KMS. The section on Encryption options points me back to Quantum since I am using "Third-party encryption appliances and hardware devices". Any insights on this wuld be appreciated.Solved4KViews0likes7CommentsIn NetBackup 8.1.2 is data encrypted in flight
Hi, I am running NetBackup 8.1.2 on my master (Solaris 11), media (RedHat 7 and Solaris 11), and clients (Solaris 11, RedHat 6 and 7, AIX 7, and Windows) and I know that the new security requirements use TLS for communication between hosts for validation but does TLS also encrypt the data in flight (over the wire)? Thank you.Solved900Views0likes1CommentDuplicating a hardware encrypted tape to an unencrypted tape
I have an LTO5 tape that has been backed up with hardware encryption. It has a variety of different types of backup sessions (flat files, MS SQL servers, MS Exchange) and I've been given the passphrase, so I've re-created the key and can pull off the flat files without any issue. The client has asked me to create an unencrypted version of the tape (they wish to use various 3rd party tools to extract the SQL and MS Exchange backups), and I've tried doing this with the duplication function, but I can't get it to work. I have a second tape drive in which I've mounted a freshly erased and labelled LTO5. When I try duplicating the original sessions from the encrypted tape onto it, I'm given the option of types of encryption (I chose none) but BE is switching on hardware encryption on the target drive anyway. This is regardless of whether I use DirectCopy, or choose to actually have encryption (which then gives me the option of choosing which key to use). Any ideas? Is there some option or other hidden deep in the bowels of BE that's telling it to encrypt everything it writes to tape by default?3.7KViews0likes11CommentsHow does backup Exec generate the AES-256 key used by tape drives for encryption?
Does anyone know the key generator used by BE to create the AES-256 keys used by LTO drives for hardware encryption? You can read an encrypted tape across different versions of BE if you supply the same passphrase when you create the key, so clearly BE is using the same algorithm and/or salt. Does anyone know what it is?682Views0likes0CommentsRestore encrypted SQL database on another server
Hi folks! Recently we applied TDE (Transparent Data Encryption) on some of our SQL databases on an SQL server. Netbackup policies keep working troublefree both for Full and Incremental Backups. Now, we need to perform a restore of one of these databases onto another SQL server where the TDE has been applied as well. I try to make the restore but I got the error with status 2828. Can someone guide me on how to do the restore? Thank you all in advance for the support.Solved3.3KViews0likes3CommentsMSDP encryption
Dear all, I really need your help regarding MSDP encryption. And I am confused about all what I read on the subject. What are my options to encrypt my deduplicated data on MSDP ? We have Netbackup appliance 8.1.1. I understand that I have two options: MSDP native encryption: -backup encrypt:For backups, the deduplication plug-in encrypts the data after it is deduplicated.The MSDPpd.conffileENCRYPTIONparameter controls backup encryption for individual hosts -Duplication and replication encryption :the deduplication plug-in on MSDP servers encrypts the data for transfer. The data is encrypted during transfer from the plug-in to the NetBackup Deduplication Engine on the target storage server and remains encrypted on the target storage. https://www.veritas.com/support/en_US/doc/25074086-127355784-0/v95643059-127355784 My questions: - For MSDP encryption, how it works ? how keys are generated and where are stored(on the client, in the MSDP catalog? file system ?) How to secure these keys ? - We are already backuping data. which means my segments of data are not encrypted. If I activate encryption on my clients, my new segments of data will be encrypted but not the old one ? Am I right ? Is there any solution to backup old data ? KMS with MSDP (available since version 8.1.1): I don't find much information on KMS for MSDP encyption. All I know that it is possible since version 8.1.1 =>https://www.veritas.com/support/en_US/doc/25074086-130388296-0/v130236116-130388296 KMS should be activated during the storage creation. Which means to use KMS and encrypt all my data. I shoul restart backuping all my data. Do you confirm ? have you any information on this ? To sum up, I found the documentation really confusing and I really need your help. Are you using encryption ? What are using for it ? Thank you so much for helping, Regards2.3KViews0likes1CommentHardware Encrypted Tape
Hi, I have a site that will be closing that uses a Spectra Logic library with encryption key set, I was wondering what is the best proceedure to reuse the tapes in our other libraries, is it a case of importing the old site library key into the other library or can I create a volume pool and place these in the library and run a relable or erase on each tape?7 Apologies if this is in the incorrect forum, if the admin can move it to the right one it would be appreciated. Many thanks KevSolved1.1KViews0likes2Comments[closed] Block level backup of encrypted VM
Hello, We have encrypted our VM thru the VM encryption module provided by VMWare since 6.5 version. As it is not supported by BE 16, we are doing now file level backup. Is there some news regarding an update of BE 16 that will allow block level backup with encrypted VM ?1.3KViews0likes1Comment