Video Screencast Help

NetBackup KMS between DC-DR

Created: 01 Oct 2013 • Updated: 11 Oct 2013 | 1 comment
captain jack sparrow's picture
This issue has been solved. See solution.

Hi Connect

How KMS works and design should be considered for NBU at DC and DR

NBU is on solaris SPARC on DC and DR (same system config)

Hostnames are different at DC-DR.

From Sec-Encryption admin guide we have options available of recovering keys from data files and passphrases /passcodes. But how do we setup automated process of key and key groups and other KMS details to sync with DR KMS server

KMS is not backed up as a part of catalog, hence it must be quieced (for consistent copy) and then must be backed up (either using NBU or other methods of copy, writing to CD/DVD or USB etc.)

 

Can AIR help in this, if so how.

 

Pls share your views on same.

Operating Systems:

Comments 1 CommentJump to latest comment

Nicolai's picture

Well AIR will not designed directly to solve the issue.  If you make the master a client of another master server, and create bpstart_notify/bpend_notify script and backup the KMS to unencrypted store, it should work.

Else copy the backup of the KMS to the DR master server using rsync and crontab. It's dead simple.

You should always be in control of what pass-phrases being used. You can loose the KMS database and re-create it with the pass-phrases being used. Alternative write a  governance procedure for the use of encryption.

Assumption is the mother of all mess ups.

If this post answered your'e qustion -  Please mark as a soloution.

SOLUTION