Veritas-bu

Re: [Veritas-bu] Fw: KMS encryption

2010-06-15 22:35:37
Subject: Re: [Veritas-bu] Fw: KMS encryption
From: <judy_hinchcliffe AT administaff DOT com>
To: <bob944 AT attglobal DOT net>, <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Wed, 16 Jun 2010 02:35:21 +0000
What I think they are going for is the fact that Tivoli can have a bunch of 
keys and does a kind of round robin with them, so all the tapes do not have the 
same encrypted key.
That is a difference between KMS - with NB KMS, if you have the key to that pool 
then you have the key to all the tapes in that pool.
Going the other way, with a bunch of keys you would have to work to read each 
tape, as they would have different encryptions.

Comes down to how much money and how strict your encryption needs are.

Then it could be in the future NB KMS may offer that option at a price. (First 
one is free)

----- Original Message -----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu <veritas-bu-bounces AT 
mailman.eng.auburn DOT edu>
To: veritas-bu AT mailman.eng.auburn DOT edu <veritas-bu AT mailman.eng.auburn 
DOT edu>
Cc: abhishek.dhingra AT in.ibm DOT co <abhishek.dhingra AT in.ibm DOT co>
Sent: Tue Jun 15 18:13:32 2010
Subject: Re: [Veritas-bu] Fw:  KMS encryption

> Today I tried configuring the KMS on my master
> server (running on AIX). It worked perfectly fine.
> I took help from Veritas support and according to
> them we can only keep one key in the key database;
> it will always use the same key for encrypting the
> data. Every time we need to change the encryption
> key, we need to define the new key and deactivate
> the one that is activated.

Either they were wrong or you misunderstood.  You can have ten (from
memory--it's in the book) keys in a keygroup.  Only one key in each
keygroup can be in the Active state, which is the key used for
writing.  The rest of the keys in a keygroup can be in the other
states (pre-live, inactive, deprecated and terminated).  All active
AND inactive keys are available for decrypting; NetBackup matches
the key-tag, which you can see in your database and in a NetBackup
image list.


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

