Sorry, no answer for you, but if/when you do find out, please let the
list know. I did not know the key transerver from KMS to media server
was insecure.
On 5/3/2010 6:18 AM, Justin Piszcz wrote:
> Hello,
>
> I have had a case open since last week, still waiting for Symantec to
> contact me.
>
> I have found out from engineering that the key (LTO-4) encryption key from
> the master <-> media server is sent over the wire unencrypted. It is
> obfuscated but not encrypted.
>
> The only way to do that is use NBAC as it uses SSL to transfer the keys
> around.
>
> Has anyone setup NBAC (VxSS?) in disguise?
>
> I have gotten pretty close (when I refresh the master/media servers, they
> all show as OK, no more VxSS denied, etc..) But when I try to open the
> master/media server server properties, I get the following:
>
> Failed to initialize EMM connection. Verify that network access to the
> EMM server is available and that the services nbemm and pbx_exchange are
> running on the EMM server. (195)
>
> Per NBAC/etc I want to REQUIRE the use of it obviously for LTO-4
> encryption, I would not want the key going over the wire unencrypted.
>
> Has anyone setup NBAC in 6.x or 7.x and have a short guide/FAQ/howto?
>
> Justin.
> _______________________________________________
> Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|