Video Screencast Help

KMS restore

Created: 31 Mar 2013 • Updated: 02 Apr 2013 | 2 comments
This issue has been solved. See solution.

Hello,

 

Encrypted backup using kms  on tapes sent to off-site library

what are the requirements for restoring these backup to local site  ?

 

Thanks

Sara

Operating Systems:

Comments 2 CommentsJump to latest comment

Nagalla's picture

are you saying , you would like to recover the tape with different master server which is in local site?

if yes, you would need to import the ecncription keys..

see the tech note below

http://www.symantec.com/business/support/index?pag...

 

below is just  from Tech note

http://www.symantec.com/business/support/index?pag...

KMS is the NetBackup Key Management Service. It can manage encryption keys for use by tape drives with built in hardware encryption.

Keys are created in the KMS database. When a backup to a tape from an encryption pool (pool name begins ENCR) is made, bptm requests the key from the key management service (nbkms) and passes it to the tape drive to encrypt the backup.

On restore, a key tag is read from the tape by bptm and the associated key is fetched from the nbkms service and passed to the drive so decryption can occur.

SOLUTION
Nicolai's picture

If you configure the "remote KMS master server" with the same keys as the local you should ready to go. 

If not already done, you should have stored  the passphrase  for Host Master Key (HMK), Key Protection Key (KPK), Key group in a safe place. Using thease passphrase will enable you to creater the same key group on the "remote" master server. 

http://www.symantec.com/docs/TECH67972

Good links from Nagalla yes

Assumption is the mother of all mess ups.

If this post answered your'e qustion -  Please mark as a soloution.