Video Screencast Help

Encryption options enabled in netbackup 7

Created: 17 Jan 2011 • Updated: 18 Jan 2011 | 11 comments
This issue has been solved. See solution.

Is there any free encryption options enabled in netbackup 7?

i want to encrypt backups for offsite vaulting.

If no free option, what is the licenced one?

please advice


Comments 11 CommentsJump to latest comment

Kiran Bandi's picture

Netbackup Encryption option is the specially priced option for performing backups with encryption enabled.

For more information refer to Netbackup security and Encryption guide.


Nicolai's picture

Use tape drive based encryption. The KMS that handle the encryption keys has been included in Netbackup since 6.5.2. The only requirement is you have T10 compliant tape drives around (LTO4/LTO5 etc etc).

Assumption is the mother of all mess ups.

If this post answered your'e qustion -  Please mark as a soloution.

jim dalton's picture

Although as delivered, T10 side encryption is somewhat limited in terms of active encrypted pools  (encr_... if I recall) . If you get to know if its expandable (and chargeable) then I for one would like to know the deal.


Nicolai's picture

There is no payable KMS option. I think earlier announcement about making it a licensed option has been withdrawn.

Assumption is the mother of all mess ups.

If this post answered your'e qustion -  Please mark as a soloution.

J.H Is gone's picture

KMS - which does the hardware encryption is free.

with 7.0 you can have up to 20 volume pools to encrypt.

The one only thing that some people what that this does not do is - round robin on the codes.

Meaning you for each encrypted volume pool you have 1 active encryption key.  All tapes made in that pool with use that key.  If you want to use another key, you have to make a new active one and demote the current key to a reading key.  You can have a different key for each pool.

Where some people what 20 keys active all at once, and each backup in the same pool would use a different key.

Depends on what your requirements are.

But KMS that does hardware encryption is free with 7.0 with up to 20 encrypted volume pools.

I don't have to know how to spell....I work on Unix.
NetBackup 7.0.1 - AIX & Windows

Nicolai's picture


In NBU 7.1 is number of KMS pools has been raised to 100.

Assumption is the mother of all mess ups.

If this post answered your'e qustion -  Please mark as a soloution.

karmel's picture

i have the below license details installed in my current netbackup 6 MP4 installation


file version    = 0x05000000
  time added      = 0x48ce1093 Mon Sep 15 10:36:51 2008
  hostname        = netbackup
  product ID      = 6 NetBackup
  serial number   =
  key version     =
  count           = 0
  server platform = 0 Any platform
  client platform = 0 Any platform
  server tier     = 5 NetBackup Server
  client tier     = 0 No tier
  license type    = 1 Permanent
  Site ID         = 2006 Unknown site: 2006
  Feature ID      = 75 Bare Metal Restore +
  Feature ID      = 74 Encryption +
  Feature ID      = 73 Open File Backup +
  Feature ID      = 43 Encryption (Legacy DES 56-bit) +
  Feature ID      = 42 Encryption (Legacy DES 40-bit) +
  Feature ID      = 22 Additional clients +


Is this MSEO ??

please advice


Nicolai's picture

It look like it. 


No this is the client side encryption - Andy already discovered my mistake :-D

Assumption is the mother of all mess ups.

If this post answered your'e qustion -  Please mark as a soloution.

Andy Welburn's picture

- being trying to find out, we have them but don't have MSEO.

Looks like you need to be looking for Feature Id:82

DOCUMENTATION: Beginning with version 6.1.4 of NetBackup Media Server Encryption Option (MSEO), a valid license is required for activation.

A valid Symantec NetBackup license is now required to make a backup using MSEO (Media Server Encryption Option).

Run bpminlicense -verbose on any version of NetBackup and check the output for the value of Feature ID 82.  Examples are below:

Feature ID = 82 Unused feature ID: 82 + (earlier NetBackup releases)

Feature ID = 82 Media Server Encryption + (NetBackup 7.0 and later)

The plus sign (+) in the examples above indicates a valid NetBackup license for MSEO.
A minus sign (-) sign would indicate an invalid or expired license - or no license at all.

jim dalton's picture

Interesting Nicolai: you say 100 pools in 7.1: do you know how many active at once? As I read it (the 7.0.1 security and encr. guide) the kgroup name is ENCR_poolname and theres a maximum of 20 records in 2 kgroups of 10 with one per kgroup active this strikes me as adequate for a few tests for not for real world production: I need plenty more concurrent active kgroups.

I only browsed the documentation, apologies for any misinterpretation.


Nicolai's picture

No I do not how many active one you can have in 7.1 - But I wold presume it's them all. Putting a constrain on how many encrypted tape pools you can have is not a business enabler.

There might be a clue in the NBU 7.1FA documentation - but as time of writing I could only find the FA announcement.

Assumption is the mother of all mess ups.

If this post answered your'e qustion -  Please mark as a soloution.