Recovery from encrypted tapes?

L

ldmwndletsm

ADSM.ORG Senior Member
Joined
Oct 30, 2019
Messages
232
Reaction score
5
Points
0
This will be on a Linux DR test server, not the production sever, but running same release.

Can you restore the database without the keys, as a test? If so, is it necessary to have first backed it up on the production server without the keys?

If you are able to restore without the keys then I would expect that you should be able to restore data from a non-encrypted tape since that wouldn't require a key. However, what happens if you then attempt to restore from an encrypted tape? Will it fail immediately? Or will it succeed, but the data will be unintelligible? Either way, it seems a fair test to ensure that the data really is being encrypted on the production server.

Also, does the password for the database instance user have to be the same as the server where the database backup was created? If not, then all you will need is the password used to protect the master key? That it?
 
Hi,

From help set dbrecovery:
PROTECTKeys
Specifies that database backups include a copy of the
master encryption key for the server that is used to
encrypt node passwords, administrator passwords, and
storage pool data. The master encryption key is stored
in the dsmkeydb files. If you lose the dsmkeydb files,
nodes and administrators are unable to authenticate with
the server because the server is unable to read the
passwords that are encrypted by using the master
encryption key. In addition, any data that is stored in
an encrypted storage pool cannot be retrieved without
the master encryption key. This parameter is optional.
The default value is Yes. You can specify one of the
following values:

No
Specifies that database backups do not include
a copy of the master encryption key for the
server.

Attention: If you specify PROTECTKEYS=NO, you
must manually back up the master encryption key
for the server and make the key available when
you implement disaster recovery. You cannot
recover from a disaster without the master
encryption key.

Yes
Specifies that database backups include a copy
of the master encryption key for the server.

Attention: If you specify PROTECTKEYS=YES, you
must also specify the PASSWORD parameter.
 
You must log in or register to reply here.

Data Privacy Impact Assessment

Compliance Assurance in Every Byte: Discover the Impact of Our DPIA Services.

Sponsor ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

Navigation Menu

Forums
   IBM TSM
   EMC Backup and Recovery
   Symantec NetBackup  
   SAN  
   NAS
   Platforms / OS
Mailing List Archives
   ADSM-L
User Groups

NordVPN 3 Months FREE

Help Support ADSM.ORG and Get NordVPN with 64% Off and 3 Months FREE.

NordVPN with 64% off + 3 months FREE

Forum statistics

Threads
31,968
Messages
135,434
Members
21,947
Latest member
dylbrawn
Back
Top