Veritas NetBackup™ AdvancedDisk Storage Solutions Guide

Last Published:
Product(s): NetBackup (9.0)
  1. Introducing AdvancedDisk
    1.  
      About the AdvancedDisk storage option
  2. Licensing AdvancedDisk
    1.  
      About the AdvancedDisk license
    2.  
      Licensing AdvancedDisk
  3. Configuring AdvancedDisk
    1.  
      Configuring the AdvancedDisk option
    2.  
      About AdvancedDisk file system requirements
    3.  
      Configuring credentials for CIFS storage and disk storage units
    4.  
      About AdvancedDisk storage servers
    5.  
      About AdvancedDisk data movers
    6.  
      About AdvancedDisk preferred or required read servers
    7.  
      About data encryption for AdvancedDisk storage
    8.  
      About key management for encryption of NetBackup AdvancedDisk storage
    9. Configuring key management for NetBackup AdvancedDisk storage encryption
      1.  
        Setting up the KMS database for NetBackup AdvancedDisk storage encryption
      2.  
        Creating a KMS key group for NetBackup AdvancedDisk storage encryption
      3.  
        Creating a KMS key for NetBackup AdvancedDisk storage encryption
      4.  
        Saving a record of the KMS key names for NetBackup AdvancedDisk storage encryption
    10. Configuring an AdvancedDisk storage server
      1.  
        AdvancedDisk storage server configuration options
    11.  
      About AdvancedDisk disk pools
    12.  
      Configuring a CIFS disk volume for AdvancedDisk encryption
    13. Configuring an AdvancedDisk disk pool
      1.  
        NetBackup nbdevconfig command options for AdvancedDisk disk pools
      2.  
        AdvancedDisk disk pool properties
    14. Configuring an AdvancedDisk storage unit
      1.  
        AdvancedDisk storage unit properties
      2. About AdvancedDisk storage unit recommendations
        1.  
          About configuring a favorable client-to-server ratio
        2.  
          About throttling traffic to the media servers
    15.  
      About storage lifecycle policies
    16. Creating a storage lifecycle policy
      1.  
        Storage Lifecycle Policy dialog box settings
    17.  
      Creating a backup policy
    18.  
      Resilient Network properties
    19.  
      Specifying resilient connections
  4. Managing AdvancedDisk
    1. Managing AdvancedDisk storage servers
      1.  
        Viewing AdvancedDisk storage servers
      2.  
        Determining AdvancedDisk storage server state
      3.  
        Viewing AdvancedDisk storage server attributes
      4.  
        Removing AdvancedDisk storage server attributes
      5.  
        Removing an AdvancedDisk storage server from disk pool access
      6.  
        Deleting an AdvancedDisk storage server
    2. Managing AdvancedDisk disk pools
      1.  
        Viewing AdvancedDisk disk pools
      2.  
        About changing the AdvancedDisk disk pool size
      3.  
        Adding volumes to an AdvancedDisk disk pool
      4.  
        Changing AdvancedDisk disk pool properties
      5.  
        Determining AdvancedDisk disk pool state
      6.  
        Changing OpenStorage disk pool state
      7.  
        Determining AdvancedDisk disk volume state
      8.  
        Changing AdvancedDisk disk volume state
      9.  
        Merging AdvancedDisk disk pools
      10.  
        Removing a volume from an AdvancedDisk disk pool
      11.  
        Inventorying a NetBackup disk pool
      12.  
        Deleting an AdvancedDisk disk pool
    3.  
      About monitoring AdvancedDisk storage capacity and usage
    4.  
      Monitoring NetBackup disk activity
    5.  
      Viewing AdvancedDisk disk reports
    6. Displaying detailed AdvancedDisk storage usage information
      1.  
        NetBackup disk volume capacity and usage reference
    7.  
      Displaying KMS key information for AdvancedDisk encryption
  5. Troubleshooting AdvancedDisk
    1. About unified logging
      1.  
        About using the vxlogview command to view unified logs
      2.  
        Examples of using vxlogview to view unified logs
    2. About legacy logging
      1.  
        Creating NetBackup log file directories for AdvancedDisk
    3.  
      NetBackup AdvancedDisk log files
    4.  
      AdvancedDisk troubleshooting
    5.  
      Resolving an incorrect storage type problem
  6.  
    Index

About key management for encryption of NetBackup AdvancedDisk storage

NetBackup uses the Key Management Service (KMS) to manage the keys for the data encryption for disk storage. KMS is a NetBackup master server-based symmetric key management service. The service runs on the NetBackup master server. An additional license is not required to use the KMS functionality.

NetBackup uses KMS to manage the encryption keys for AdvancedDisk storage.

See About data encryption for AdvancedDisk storage.

The following table describes the encryption keys that are required for the KMS database.

Table: Encryption keys required for the KMS database

Key

Description

Host Master Key

The Host Master Key protects the key database. The Host Master Key requires a pass phrase and an ID. KMS uses the pass phrase to generate the key.

Key Protection Key

A Key Protection Key protects individual records in the key database. The Key Protection Key requires a pass phrase and an ID. KMS uses the pass phrase to generate the key.

The following table describes the encryption keys that are required for each storage server and volume combination.

Table: Encryption keys required for each storage server and volume combination

Key

Description

A key group

A key group key protects the key group. Each storage server and volume combination requires a key group, and each key group key requires a pass phrase. The key group name must use the format for the storage type that is described as follows:

For AdvancedDisk storage, the format depends on the operating system type that hosts the storage, as follows:

  • UNIX storage: storage_server_name:volume_name

    The following items describe the requirements for the key group name components for AdvancedDisk storage on UNIX:

    • storage_server_name : You must use the same name that you use for the storage server. The name can be a fully-qualified domain name or a short name, but it must be the same as the storage server.

    • The colon (:) is required after the storage_server_name.

    • volume_name : Use the last directory name in the storage path for the volume_name . For example, use backups if the storage path is /mnt/disk/backups.

  • Windows storage: storage_server_name:

    The following items describe the requirements for the key group name components for AdvancedDisk storage on Windows:

    • storage_server_name : You must use the same name that you use for the storage server. The name can be a fully-qualified domain name or a short name, but it must be the same as the storage server.

    • The colon (:) is required after the storage_server_name.

A key record

Each key group that you create requires a key record. A key record stores the actual key that protects the data for the storage server and volume.

See Configuring key management for NetBackup AdvancedDisk storage encryption.

More information about KMS is available in the NetBackup Security and Encryption Guide:

http://www.veritas.com/docs/DOC5332