Veritas-bu

Re: [Veritas-bu] KMS Key Rotation

2010-03-10 21:20:26
Subject: Re: [Veritas-bu] KMS Key Rotation
From: Harpreet SINGH <harpreet_singh AT ctl.creative DOT com>
To: <judy_hinchcliffe AT administaff DOT com>
Date: Thu, 11 Mar 2010 10:20:16 +0800
Dear All,

Once you have set up the KMS, and assuming you want to restore them, what is
the necessary info required to restore?

Pool Name ??
Key Name = ??
Key Tag ??
etc

Phase-1 and Phase-2 don't show this info.

From where will we get this info for the restore?

With Warm Regards
=-=-=-=-=-=-=-=-=-=-=-=-=-
Harpreet Singh Chana

Phone  :   (O) 6895 - 4326
Fax       :    (O) 6895 - 4991
=-=-=-=-=-=-=-=-=-=-=-=-=-


From: <judy_hinchcliffe AT administaff DOT com>
Sent by: veritas-bu-bounces AT mailman.eng.auburn DOT edu
Date: 03/09/2010 11:24 PM
To: <david AT stanaway DOT net>, <veritas-bu AT mailman.eng.auburn DOT edu>
Subject: Re: [Veritas-bu] KMS Key Rotation

I agree with David.  I just started with KMS and the only change I have
made so far is to deprecate the testing key I was using and put in my
first production key.  And I only did this after I did all the testing.
Expire tape, import tape. Expire tape, remove key, failed import. Recover
key, good import. Remove database, recover database. Remove database,
rebuild/recover database. Making sure pass phrases were secure and making
sure both my prod site and DR site could read each other’s tapes.

I am sure we will be changing keys, where I need to make sure I know the
start and retire date of a key/passphrase in case I come across an old
tape.

From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of David
Stanaway
Sent: Monday, March 08, 2010 9:36 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: Re: [Veritas-bu] KMS Key Rotation

The limitation for the number of 'active' keytags in the keygroup dictates
that you don't rotate the keys too often. It is pretty easy to cycle the
keys out of the keygroup and recover them back in if you need, so don't let
that stifle your desired rotation config. Just make sure you have a
bulletproof way of making secure redundant hard copies of the keys, and test the
full lifecycle including restore from recovered key and have it
comfortable for your backup admins.


On 3/8/2010 6:00 PM, Adams, Dwayne wrote:
Hello,

I am working on setting up KMS.  If you are using KMS in your environment,
do you rotate keys with your data sets? (Monthly, Yearly???) I have read
that it is a “Best Practice” to rotate your keys as the data encrypted with
that key expires.  Are people really doing this with KMS?  It is a tradeoff
between security and restore complexity.  What are NetBackup Admins doing
in the “Real World”?

Thanks

Dwayne Adams


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
