Re: [Veritas-bu] veritas netbackup 6.5 encrypt backup tape
2011-11-30 19:43:16
On 11/30/2011 11:02 AM, smpt wrote:
> • Disaster recovery is not supported with encrypted backups.
> Therefore you must not encrypt backups used for Disaster Recovery restore
>
> This is true only if you do not replicate the keys. With library KMS you must
> have a replicated KMS and with netbackup KMS you have to replicate or backup
> the keys (unencrypted backup)
>
The NBU KMS db is small and static (Only changes when you run the kms
commands to move keys through lifecycle stages, or add new keys). This
is easy to keep synchronized with your recovery master server provided
you have network connectivity. If you need to do tape transport only to
your recovery site, you may need to devise another way to have the keys
available for personnel to enter. You need to know the keygroup names,
the passphrase that generates the key and the key tag, and you can
re-enter them into KMS on the bare install master before starting the
catalog recovery.
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|