Veritas-bu

[Veritas-bu] Fw: KMS encryption

2010-06-15 13:40:49
Subject: [Veritas-bu] Fw: KMS encryption
From: Abhishek Dhingra1 <abhishek.dhingra AT in.ibm DOT com>
To: judy_hinchcliffe AT administaff DOT com
Date: Tue, 15 Jun 2010 23:10:37 +0530

Thanks for the reply.

Today I tried configuring the KMS on my master server (running on AIX). It worked perfectly fine. I took help from Veritas support, and according to them we can only keep one key in the key database; it will always use the same key for encrypting the data. Every time we need to change the encryption key, we need to define the new key and deactivate the one that is activated.

Have you tried configuring more than one key at the same time?

Moreover, doing a restore on another site will require the encryption license to be applied on the tape library at the other site. In case we don't have the encryption feature enabled in hardware at the other site, is there any way to perform the restore?

Rgds
A D
Email : abhishek.dhingra AT in.ibm DOT com

----- Forwarded by Abhishek Dhingra1/India/IBM on 06/15/2010 11:05 PM -----
<judy_hinchcliffe AT administaff DOT com>

06/15/2010 10:51 PM

To: Abhishek Dhingra1/India/IBM@IBMIN, <veritas-bu AT mailman.eng.auburn DOT edu>
cc:
Subject: RE: [Veritas-bu] KMS encryption

Yes, I recently started.
 
It is one chapter in the Security and Encryption book, look for the book for the version you are running.  In the 6.5 it is chapter 6.
 
 
I have AIX media servers so I cannot do MESO.

If I wanted to do hardware encryption using my IBM library I would have to PAY IBM a lot of money plus get the Tivoli key management system.

KMS comes with NB.
I just went to my library and turned on “Application Managed Encryption”.
Then I set up the KMS database and made my volume pools.
NOTE: in 6.5.5 you can only use 2 encrypted volume pools. In 7.0 you can use 20.
 
So now I am doing hardware encryption – that is where all the work is done on the tape drive – it also does my compression, so no extra overhead on my master or media.

Read the chapter carefully –
Make sure that the kms dir is not put on your catalog tape, and do not encrypt the catalog tape (that’s like locking your keys in the car).
I have two sites.
I made my kms on one master, then just copied the database to the other master, this way I know all encrypted key tags match and I can read encrypted tapes at both sites.
 
Once reading the chapter I saw how easy it really was.
 
Just make sure you document your password strings and keep them in a secure place – not in just any file on disk where someone else could find them.

From: veritas-bu-bounces AT mailman.eng.auburn DOT edu [mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Abhishek Dhingra1
Sent: Tuesday, June 15, 2010 12:10 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] KMS encryption

 

Hi,

Has anyone ever used the NetBackup 6.5 internal KMS encryption feature?

Pls share the documents link of KMS; I also wanted to know the merits and demerits of using KMS encryption.

Hope someone has used KMS and could help me.


Rgds
A D
Email : abhishek.dhingra AT in.ibm DOT com
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu