Enabling deduplication encryption

Article:HOWTO70637  |  Created: 2012-02-07  |  Updated: 2012-02-07  |  Article URL http://www.symantec.com/docs/HOWTO70637
Article Type
How To


Environment

Subject


Enabling deduplication encryption

Two procedures exist to enable encryption during deduplication, as follows:

  • You can enable encryption on all hosts that deduplicate their own data without configuring them individually.

    Use this procedure if you want all of your clients that deduplicate their own data to encrypt that data.

    See “To enable encryption on all hosts”.

  • You can enable encryption on individual hosts.

    Use this procedure to enable compression or encryption on the storage server, on a load balancing server, or on a client that deduplicates its own data.

    See “To enable encryption on a single host”.

See About deduplication encryption.

To enable encryption on all hosts

  1. On the storage server, open the contentrouter.cfg file in a text editor; it resides in the following directory:

    storage_path/etc/puredisk/contentrouter.cfg

  2. Add agent_crypt to the ServerOptions line of the file. The following line is an example:

    ServerOptions=fast,verify_data_read,agent_crypt

  3. If you use load balancing servers, make the same edits to the contentrouter.cfg files on those hosts.

To enable encryption on a single host

  1. Use a text editor to open the pd.conf file on the host.

    The pd.conf file resides in the following directories:

    • (UNIX) /usr/openv/lib/ost-plugins/

    • (Windows) install_path\Veritas\NetBackup\bin\ost-plugins

    See pd.conf file settings for NetBackup deduplication .

  2. For the line in the file that contains ENCRYPTION, remove the pound character (#) in column 1 from that line.

  3. In that line, replace the 0 (zero) with a 1.

    Note:

    The spaces to the left and right of the equal sign (=) in the file are significant. Ensure that the space characters appear in the file after you edit the file.

  4. Ensure that the LOCAL_SETTINGS parameter is set to 1.

    If LOCAL_SETTINGS is 0 (zero) and the ENCRYPTION setting on the storage server is 0, the client setting does not override the server setting. Consequently, the data is not encrypted on the client host.

  5. Save and close the file.

  6. If the host is the storage server or a load balancing server, restart the NetBackup Remote Manager and Monitor Service (nbrmms) on the host.

See pd.conf file settings for NetBackup deduplication


Legacy ID



v52356307_v71108412


Article URL http://www.symantec.com/docs/HOWTO70637


Terms of use for this information are found in Legal Notices