Video Screencast Help

Different between Netbackup KMS and MSEO KMS

Created: 03 Oct 2012 • Updated: 22 Oct 2012 | 2 comments
demo4119's picture
This issue has been solved. See solution.

I have read through the Security admin guide that the Netbackup KMS is bundle with the netbackup installer and encrypted with support list of Library model.

What is required on the supported library model inorder to work with Netbackup KMS?

Is there any restriction for volume pool per keygroup ?  

Comments 2 CommentsJump to latest comment

bills's picture

As I recall NBU KMS doesn't really care about the library - it just requires encryption-capable tape drives.  When I set this up I didn't have to do anything to the drives/library - when NBU sees a request for a tape in a pool starting with ENCR_, it sets a scsi bit that tells the drive to encrypt/decrypt, and supplies the key for that pool.

There is a one to one relationship between keygroups and volume pools, and they have to have the same name.


Mouse's picture

MSEO is a basically third-party (Voltare) driver that has a kludge in NBU "comment" field that it is intercepting and forcing software-based encryption that works with any tape drive. For this purpose, MSEO maintains its own database with keys

NBU KMS works with encryption-enabled LTO4/5 drives that can accept keys via SCSI from NBU that holds the key database (it is not part of EMM, though).

Hope this helps