Veritas NetBackup™ AdvancedDisk Storage Solutions Guide
- Introducing AdvancedDisk
- Licensing AdvancedDisk
- Configuring AdvancedDisk
- Configuring key management for NetBackup AdvancedDisk storage encryption
- Configuring an AdvancedDisk storage server
- Configuring an AdvancedDisk disk pool
- Configuring an AdvancedDisk storage unit
- Creating a storage lifecycle policy
- Managing AdvancedDisk
- Managing AdvancedDisk storage servers
- Managing AdvancedDisk disk pools
- Displaying detailed AdvancedDisk storage usage information
- Toubleshooting AdvancedDisk
Saving a record of the KMS key names for NetBackup AdvancedDisk storage encryption
Veritas recommends that you save a record of the encryption key names and tags. The key tag is necessary if you need to recover or recreate the keys.
See Configuring key management for NetBackup AdvancedDisk storage encryption.
To save a record of the key names
- To determine the key group names, use the following command on the master server:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkgs
Windows: install_path\Program Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkgs
The following is example output:
Key Group Name : UX_Host.example.com:backups Supported Cipher : AES_256 Number of Keys : 1 Has Active Key : Yes Creation Time : Tues Oct 01 01:00:00 2013 Last Modification Time: Tues Oct 01 01:00:00 2013 Description : - FIPS Approved Key : Yes
Key Group Name : Win_Host.example.com: Supported Cipher : AES_256 Number of Keys : 1 Has Active Key : Yes Creation Time : Tues Oct 01 01:05:00 2013 Last Modification Time: Tues Oct 01 01:05:00 2013 Description : - FIPS Approved Key : Yes
- For each key group, write all of the keys that belong to the group to a file. Run the command on the master server. The following is the command syntax:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname key_group_name > filename.txt
Windows: install_path\Program Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkeys -kgname key_group_name > filename.txt
The following is example output:
nbkmsutil.exe -listkeys -kgname UX_Host.example.com:backups > encrypt_keys_UX_Host.example.com_backups.txt
Key Group Name : UX_Host.example.com:backups Supported Cipher : AES_256 Number of Keys : 1 Has Active Key : Yes Creation Time : Tues Oct 01 01:00:00 2013 Last Modification Time: Tues Oct 01 01:00:00 2013 Description : - FIPS Approved Key : Yes Key Tag : 867d710aa7f4c64dcdd2cec6...cce d0c831c1812c510acd05 Key Name : AdvDisk_Key Current State : ACTIVE Creation Time : Tues Oct 01 01:05:00 2013 Last Modification Time: Tues Oct 01 01:05:00 2013 Description : - FIPS Approved Key : Yes Number of Keys: 1
- Include in the file the pass phrase that you used to create the key record.
- Store the file in a secure location.