How to configure NetBackup Client Encryption Option
|Article:TECH72130|||||Created: 2009-01-06|||||Updated: 2013-11-07|||||Article URL http://www.symantec.com/docs/TECH72130|
The NetBackup client encryption option is best for the following:
- Clients that can handle the CPU burden for compression / encryption
- Clients that want to retain control of the data encryption keys
- Situations where the tightest integration of NetBackup and encryption is
- Situations where encryption is needed in terms of a per client basis
Unix (The encryption binaries must already be installed on the master server):
/usr/openv/netbackup/bin/bpinst -ENCRYPTION <client name>
Note :It is required to have the client running the same version of NetBackup as the master server. It is also recommended to have them patched to the same level.
3. Create an encryption key file on the client by running the following command on the client (or on the master server with the -client option):
/usr/openv/netbackup/bin/bpkeyutil -client <client name>
-- To do this, cd into /usr/openv/netbackup/bin
-- Then run ./bpkeyutil -client <client name>
Enter new NetBackup passphrase: **********
Re-enter new NetBackup passphrase: **********
Caution: It is important that you remember the pass phrases, including the old pass phrases. If a client's key file is damaged or lost, you need all of the previous pass phrases in order to recreate the key file. Without the key file, you will be unable to restore files that were encrypted with the pass phrases.
4. Verify the following files are on the client:
<install_path>\Veritas\netbackup\var\keyfile.dat (this file is created by the bpkeyutil command)
/usr/openv/var/keyfile.dat (this file is created by the bpkeyutil command)
5. On Netbackup administration console In the policy under the Attributes tab there is a selection for Encryption that determines if the backup will be encrypted. Check the check box.
6) In the NetBackup Administration Console, Expand NetBackup Management > Host Properties > Clients, double click to launch client properties window. Click on "Encryption" and Configure this client to be enabled for encryption.
Article URL http://www.symantec.com/docs/TECH72130