Veritas-bu

Re: [Veritas-bu] Fw: KMS encryption

2010-06-15 19:14:20
Subject: Re: [Veritas-bu] Fw: KMS encryption
From: "bob944" <bob944 AT attglobal DOT net>
To: <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Tue, 15 Jun 2010 19:13:32 -0400
> Today i tried configuring the KMS on my master
> server(running on AIX). It worked perfectly fine,
> i took help from veritas support and according to
> them we can only keep one key in the key database,
> it will always use the same key for encrypting the
> data. Every time we need to change the encryption
> key , we need to define the new key and deactivate
> the one that> is activated.

Either they were wrong or you misunderstood.  You can have ten (from
memory--it's in the book) keys in a keygroup.  Only one key in each
keygroup can be in the Active state, which is the key used for
writing.  The rest of the keys in a keybroup can be in the other
states (pre-live, inactive, deprecated and terminated).  All active
AND inactive keys are available for decrypting; NetBackup matches
the key-tag, which you can see in your database and in a NetBackup
image list.


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

<Prev in Thread] Current Thread [Next in Thread>