
Q: Does Vaulting Encrypted Data to Encrypted Tape Pools Create a double-encrypted backup?

Created: 11 Jun 2013 • Updated: 22 Sep 2013 | 1 comment
This issue has been solved. See solution.

NetBackup version 6.5.6 on Solaris 10


A policy writes to a disk pool, which gets staged to an encrypted tape pool (ENCR_onsite). A vault policy then comes along and vaults the data from ENCR_onsite to a pool called ENCR_offsite.


a) Does the data on ENCR_onsite, now vaulted to ENCR_offsite, become double-encrypted when it goes to ENCR_offsite?

b) Does the data on ENCR_onsite get decrypted as it is vaulted to ENCR_offsite, where it is re-encrypted with the keys for ENCR_offsite?

If a) happens, I would assume NetBackup cannot understand how to double-un-encrypt the data, correct?




Nicolai

A: No. Data read off an encrypted tape will be decrypted before being sent off to the host.

B: Yes

Yes - you are correct. Take a look at T/N below. If double encryption were possible, NetBackup would need to store multiple Key Tags for a single backup image. It does not - only one key tag - and so it is not possible to use double encryption with NBU KMS.

Assumption is the mother of all mess ups.

If this post answered your question - please mark as a solution.