On 11/30/2011 11:02 AM, smpt wrote:
> • Disaster recovery is not supported with encrypted backups.
> Therefore you must not encrypt backups used for Disaster Recovery restore
>
> This is true only if you do not replicate the keys. With library KMS you must 
> have a replicated KMS and with netbackup KMS you have to replicate or backup 
> the keys (unencrypted backup)
>

The NBU KMS db is small and static (Only changes when you run the kms 
commands to move keys through lifecycle stages, or add new keys). This 
is easy to keep synchronized with your recovery master server provided 
you have network connectivity. If you need to do tape transport only to 
your recovery site, you may need to devise another way to have the keys 
available for personnel to enter.  You need to know the keygroup names, 
the passphrase that generates the key and the key tag, and you can 
re-enter them into KMS on the bare install master before starting the 
catalog recovery.


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu