[Veritas-bu] Fw: KMS encryption
2010-06-15 13:40:49
Thanks for the reply.
Today i tried configuring the KMS on
my master server(running on AIX). It worked perfectly fine, i took help
from veritas support and according to them we can only keep one key
in the key database, it will always use the same key for encrypting the
data. Every time we need to change the encryption key , we need to define
the new key and deactivate the one that is activated.
Have you tried configuring more then
one key at the same time.
Moreover doing restore on another site
, will require encryption license to be applied on the tape library at
another site, in case if we dont have encryption feature enabled at hardware
on another site, is there any way to perform the restore.
Rgds
A D
Email : abhishek.dhingra AT in.ibm DOT com
----- Forwarded by Abhishek
Dhingra1/India/IBM on 06/15/2010 11:05 PM -----
<judy_hinchcliffe AT administaff DOT com>
06/15/2010 10:51 PM
|
To
| Abhishek Dhingra1/India/IBM@IBMIN, <veritas-bu AT mailman.eng.auburn DOT edu>
|
cc
|
|
Subject
| RE: [Veritas-bu] KMS encryption |
|
Yes, I recently started.
It is one chapter in the Security
and Encryption book, look for the book for the version you are running.
In the 6.5 it is chapter 6.
I have aix media servers so I cannot
do MESO
If I wanted to hardware encryption
using my IBM library I would have to PAY IBM a lot of money Plus get the
Tivoli key management system.
Kms comes with NB.
I just went to my library and turned
on “Application Managed Encryption”
Then I setup the kms database and
made my volume pools
NOTE: in 6.5.5 you can only
use 2 encrypted volume pools. In 7.0 you can use 20.
So now I am doing hardware encryption
– that is where all the work is done on the tape drive – it also does
my compression so no extra over head on my master or media.
Read the chapter carefully –
Make sure that the kms dir is not
put on your catalog tape, and do no encrypt the catalog tape ( that’s
like locking your keys in the car)
I have two sites.
I made my kms on one master, then
just copied the database to the other master, this way I know all encrypted
key tags match and I can read encrypted tapes at both sites.
Once reading the chapter I saw
how easy it really was.
Just make sure you document you
password strings and keep them in a secure place – not in just any file
on disk where someone else could find them.
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Abhishek
Dhingra1
Sent: Tuesday, June 15, 2010 12:10 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] KMS encryption
Hi,,
Has anyone ever used Netbackup 6.5 internal KMS encryption
feature.
Pls share the documents link of KMS and also wanted to know merits and
demerits of using KMS encryption.
Hope some one have used KMS and could help me.
Rgds
A D
Email : abhishek.dhingra AT in.ibm DOT com
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Veritas-bu] Fw: KMS encryption,
Abhishek Dhingra1 <=
|
|
|