[Veritas-bu] NetBackup does not encrypt the LTO-4 encryption key over th

Subject:	[Veritas-bu] NetBackup does not encrypt the LTO-4 encryption key over the wire if not using NBAC
From:	Justin Piszcz <jpiszcz AT lucidpixels DOT com>
To:	veritas-bu AT mailman.eng.auburn DOT edu
Date:	Mon, 3 May 2010 07:18:17 -0400 (EDT)

Hello,

I have had a case open since last week, still waiting for Symantec to 
contact me.

I have found out from engineering that the key (LTO-4) encryption key from 
the master <-> media server is sent over the wire unencrypted.  It is 
obfuscated but not encrypted.

The only way to do that is use NBAC as it uses SSL to transfer the keys 
around.

Has anyone setup NBAC (VxSS?) in disguise?

I have gotten pretty close (when I refresh the master/media servers, they 
all show as OK, no more VxSS denied, etc..)  But when I try to open the 
master/media server server properties, I get the following:

Failed to initialize EMM connection.  Verify that network access to the 
EMM server is available and that the services nbemm and pbx_exchange are 
running on the EMM server. (195)

Per NBAC/etc I want to REQUIRE the use of it obviously for LTO-4 
encryption, I would not want the key going over the wire unencrypted.

Has anyone setup NBAC in 6.x or 7.x and have a short guide/FAQ/howto?

Justin.
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

[Veritas-bu] NetBackup does not encrypt the LTO-4 encryption key over the wire if not using NBAC