Guys i'm upgrading existing backup infrastructure by introducing a new
server and upgrading NBU to 6.5.4 on Solaris.
I've then got to install and configure MSEO 6.1 so we can encrypt some
database backups.
I've been reading through all the pdf's and its just a bit of a minefield.
Is there any simplistic steps anywhere anyone has done to install? I'm
hoping i don't need to change much from defaults, but all documentation
points towards security server, pem server, pem client etc.
I've basically got one master/media server combined where i need to
install this on. I can't see mentioned anywhere in the docs how it is
done on a single machine. I have seen standalone config mentioned for
the pem and security server though.
Anyway can someone explain or help me understand the following :-
1. From what i gather there is a master access file with a clear text
password in it. I'm not entirely sure what this is for, but i'd assume
its critical to be not put on a none encrypted backup anywhere?
2. RSA keys are used to encrypt and decrypt the AES keys which are
dynamically created to encrypt data blocks. Is this right? We have the
requirement to restore a backup taken at one site on another site, so i
was hoping to create a separate key for each site and then import the
production key into the DR site MSEO system so that tapes written on
production could be read and restored. Is this understanding correct? I
don't want to overwrite the existing default keys each time but am not
sure if the default key will be used to write backups.
3. I have multiple backup jobs writing to the same tape pools and not
all these jobs need encrypting. From what i see the encryption is done
by adding <MSEO> tags into the keyword section of the policy. Do i need
to put these keywords in ALL policies but simply omit the KeyType bit
but leave in Compress=xxx if i want other policies to compress but not
encrypt? Or do i leave the keyword section blank. If i leave blank does
compression still work as i gather the /dev/rmt/0cbn links are changed
by the MSEO virtual device paths.
4. Are there a list of these variables for netbackup.keyword anywhere?
From what i gather the default xml file produced contains attributes
that will have the netbackup.keyword.<variable> in them. The word
'netbackup.keyword' is not then referenced elsew section. This confuses
me a little as i seehere and only the <variable> bit is referenced in
the policy keyword other built in variables in the docs e.g
netbackup.policy netbackup.pool, but don't then know how to reference
them or if i need to.
Has anyone a basic example they could post me at all of configuration?
Sorry this is long, i'm just venting because its all a bit mental and as
always deadlines mean it needs doing asap.
Any pointers would be great.
Cheers
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|