
Where is KEY DATABASE (CLIENT ENCRYPTION) saved, in CLIENT or CATALOG?

Created: 29 Oct 2012 • Updated: 30 Oct 2012 | 7 comments
This issue has been solved. See solution.

Hello Experts,

I just wanted to know where the KEY.DAT file is stored, I mean on the CATALOG DB or on the client individually. If it is stored on the client, what if this file KEY.DAT is deleted or lost? Or else is this saved on both MASTER and CLIENT so that I can restore it from CATALOG if it's lost? Please help me understand this.

 

NBU: 7.1

OS: Windows 2008 R2 SP1 (on all clients and master, media server)

 

Thanks

Nayab


Ashish-Sharma

Hi,

Check this:

DOCUMENTATION: What is the default location for the NetBackup Encryption key file? Does the CRYPT_KEYFILE setting change this location?

http://www.symantec.com/business/support/index?page=content&id=TECH56707

 

Thanks In Advance

Ashish Sharma

 

 

Marianne

Please go through this post (with the TN reference) that you have marked as solution:

 https://www-secure.symantec.com/connect/forums/data-encryption-0#comment-7781011

The keyfile.dat is stored on the client and should be protected separately.

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows

Nayab.Rasool

Hi Ashish,

 

That link speaks about the path of the file but not about where it is located, on MASTER or CLIENT? Please confirm on this.

Thanks,

Nayab

Yasuhisa Ishikawa

"The key is stored in the key file on the client."

NetBackup 7.1 Security and Encryption Guide, page 275
http://www.symantec.com/docs/DOC3655

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

SOLUTION
Ashish-Sharma

Hi,

Once encryption is enabled (from the Master), the Remote server receives a file called Keyfile.dat, which is stored locally on that client.

http://www.symantec.com/business/support/index?page=content&id=TECH150643

Thanks In Advance

Ashish Sharma

 

 

Nayab.Rasool

If this is the case then I can restore the backups to any environment. I don't understand, because if decryption is happening at client level then I can restore the backups to another environment which has a different master server??

Thanks

Nayab

Marianne

Location of keyfile.dat is also documented in Commands manual under 'bpkeyutil' command.

I don't understand the many posts about encryption....

By now we have given you links to the manuals, a step-by-step TechNote, more TechNotes...

Everything that you need to know has been covered over and over and over and over............

If you battle this much with configuration, how are you going to do restores?

PLEASE only enable on test policies as a start. Test restores with all possible scenarios (e.g. someone 'accidentally' deleting keyfile.dat, restore to new client (in case of client crash or DR), etc.) BEFORE you implement encryption in production.
