Veritas NetBackup™ Upgrade Guide
- About changes in NetBackup 8.2
- Planning for an upgrade
- General upgrade planning information
- About upgrade tools
- Upgrade operational notes and limitations
- Master server upgrade
- Media server upgrade
- MSDP upgrade for NetBackup
- Client upgrade
- NetBackup Deployment Management with VxUpdate
- Appendix A. Reference
About MSDP rolling data conversion
NetBackup 8.0 introduced the AES encryption algorithm to replace the existing Blowfish algorithm. NetBackup 8.1 introduces the SHA-2 fingerprint algorithm to replace the existing MD5-like algorithm. The upgrades to both the encryption and the fingerprint algorithms are designed to enhance data security.
The environments that are upgraded to NetBackup 8.1 may include Blowfish encrypted data and the MD5-like fingerprints that need to be converted to the new format. To handle the conversion and secure the data, a new internal task converts the current data container to the AES encryption and the SHA-2 fingerprint algorithm. This new task is referred to as the rolling data conversion.
Rolling data conversion traverses all existing data containers. If the data is encrypted with the Blowfish algorithm, the data is re-encrypted with the AES algorithm. Then a new SHA-2 fingerprint is generated. After the conversion, the data container has a new file with a
.map extension, in addition to the
.bin files. The
.map file contains the mapping between the SHA-2 and the MD5-like fingerprints. The
.bhd file includes the SHA-2 fingerprints.
In a new installation of NetBackup 8.1, the rolling data conversion is marked as Finished and doesn't start in the future. For an upgrade to NetBackup 8.1, the rolling data conversion is enabled by default and works in the background after the MSDP conversion completes. Only the data that existed before upgrade is converted. All new data uses the new SHA-2 fingerprint and does not need conversion.
You can manage and monitor the rolling data conversion using the crcontrol command. More information about its use is available.