Video Screencast Help

Q: Does Vaulting Encrypted Data to Encrypted Tape Pools Create a double-encrypted backup?

Created: 11 Jun 2013 • Updated: 22 Sep 2013 | 1 comment
This issue has been solved. See solution.

NetBackup version 6.5.6 on Solaris 10


A policy writes to disk pool which gets staged to an encrypted tape pool (ENCR_onsite). A vault policy then comes along and vaults the data from ENCR_onsite to a pool called ENCR_offsite.


a) Does the data on ENCR_onsite now vaulted to ENCR_offsite now become double-encrypted when it goes to ENCR_offsite?

b) Does the data on ENCR_onsite get decrypted as it vaulted to ENCR_offsite, where it is re-encrypted with the keys for ENCR_offsite?

If a) happens, I would assume NetBackup cannot understand how to double-un-encrypt the data, correct?



Operating Systems:

Comments 1 CommentJump to latest comment

Nicolai's picture

A: No. Data read off a encrypted tape will be decrypted before send off to the host.

B: Yes

Yes - you are correct. Take a look at T/N below. If a double encryption was possible Netbackup wold need to store multiple Key Tags for a single backup image. It does not - only one key tag - and so not possible to use double encryption with NBU KMS 

Assumption is the mother of all mess ups.

If this post answered your'e qustion -  Please mark as a soloution.