Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Veritas-bu] KMS Key Rotation

2010-03-12 14:22:47
Subject: Re: [Veritas-bu] KMS Key Rotation
From: "bob944" <bob944 AT attglobal DOT net>
To: <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Fri, 12 Mar 2010 14:22:24 -0500 
> Once you have setup the KMS and assuming you want to restore them.
> What is
> the necessary info required to restore.
> 
> Pool Name ??
> Key Name = ??
> Key Tag ??
> etc
> 
> Phase-1 and Phase-2 don't show this info.
> 
> From where we will get this info for the restore.

Why are you importing the tapes?  If you're restoring to the same
master which created them that's unnecessary.

But whether you've imported the images or the images are still on
their original server, the key tag is what you need, and that shows
up in the GUI (it's in the manual) for each image and, IIRC, in
bpimagelist.  That key tag is what NetBackup matches against keys in
Active and Inactive status; if found, that key is used for
decryption.  

If there is no matching key tag, you must restore/import/re-create
it from your documentation and/or the keystore backups you have
maintained.  Example management of keys/changes/records has been
supplied earlier, notably by Hinchcliffe.

FYI, I have been told, but have not tested, that _all_ keys in the
keystore, regardless of keygroup, are tested when looking for a
decryption key.


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Veritas-bu] TapeAlert Code: 0x1e, Type: Critical, bob944
Next by Date:  Re: [Veritas-bu] KMS Key Rotation, judy_hinchcliffe
Previous by Thread:  Re: [Veritas-bu] TapeAlert Code: 0x1e, Type: Critical, bob944
Next by Thread:  Re: [Veritas-bu] KMS Key Rotation, judy_hinchcliffe
Indexes:  [Date] [Thread] [Top] [All Lists]