Backup Exec Best Practices

Last Published:
Product(s): Backup Exec (20.0)
  1. Backup Exec Best Practices
    1.  
      Best practices for Backup Exec software encryption
    2.  
      Best practices for Backup Exec installation
    3.  
      Best practices for Backup Exec tape management
    4.  
      Best practices for Backup Exec disk-based storage
    5.  
      Best practices for Backup Exec data lifecycle management (DLM)
    6.  
      Best practices for Backup Exec catalogs
    7.  
      Best practices for Backup Exec backups
    8.  
      Best practices for Backup Exec backing up critical system components
    9.  
      Best practices for Backup Exec Agent for Microsoft Exchange Server
    10.  
      Best practices for Backup Exec Agent for Microsoft SQL Server
    11.  
      Best practices for Backup Exec Agent for Linux
    12.  
      Best practices for Backup Exec Agent for Microsoft SharePoint
    13.  
      Best practices for Backup Exec Central Admin Server Option
    14.  
      Best practices for Backup Exec Agent for Oracle on Windows and Linux Servers
    15.  
      Best practices for Backup Exec NDMP Option
    16.  
      Best practices for Backup Exec reports
    17.  
      Best practices for Backup Exec and LiveUpdate
    18.  
      Best practices for Backup Exec Simplified Disaster Recovery
    19.  
      Best practices for Backup Exec Agent for Enterprise Vault and the Backup Exec Migrator
    20.  
      Best practices for Backup Exec Granular Recovery Technology
    21.  
      Best practices for Backup Exec Remote Media Agent for Linux
    22.  
      Best practices for Backup Exec Agent for Microsoft Hyper-V
    23.  
      Best practices for Backup Exec Agent for VMware
    24.  
      Best practices for Backup Exec Storage Provisioning Option
    25.  
      Best practices for using Backup Exec with server clusters
    26.  
      Best practices for Backup Exec Deduplication Option
    27.  
      Best practices for using Backup Exec Deduplication Option with the Central Admin Server Option
    28.  
      Best practices for using hot-pluggable devices such as USB devices in a drive rotation strategy
    29.  
      Best practices for Backup Exec database encryption keys
    30.  
      Best Practices for Using the Veritas Backup Exec Cloud Connector

Best practices for Backup Exec database encryption keys

Best practices include tips and recommendations to help you use Backup Exec to manage the database encryption feature effectively. For more information about database encryption, see the Backup Exec Administrator's Guide.

The following best practices can help ensure the effective operation of database encryption:

  • Export the database encryption key immediately after you install Backup Exec to ensure that you have a copy of it in the event of a server failure.

    To export the database encryption key, complete the following steps:

    • Click the Backup Exec button, select Configuration and Settings, and then click Backup Exec Settings.

    • In the left pane, select Database Maintenance and Security.

    • In the Path field, type the location to which you want to export the encryption key.

    • Click Export.

      The key is exported to the location that you specified. The key is named with a unique hash value. Backup Exec uses the name to identify the key later. Do not change the key's file name or file contents. If you want to export the key to additional locations, repeat the previous steps.

    • Click OK.

    Make sure that you export the database encryption key to a location that meets the following criteria:

    • The destination is either on a physical volume that is assigned to a drive letter or a network share that is specified by a UNC path (network shares that are mapped to drive letters are not supported).

    • The destination has enough disk space.

    • The destination is accessible from the Backup Exec server.

    • Backup Exec has permission to write to the destination.

  • Save the database encryption key to a secure location. Veritas recommends that you save the key to an off-site location for increased security. It is your responsibility to ensure that the database encryption key is backed up.

  • Exercise caution when you configure access rights for the Data folder in the Backup Exec install directory. The Data folder contains the Backup Exec Database, SSL certificates, and database encryption keys as well as other critical data. The Data folder is protected from unauthorized access using Windows Access Control Lists (ACL). You should ensure that only trusted users can access the Data folder.

  • Refresh the database encryption keys periodically. Refreshing the database encryption keys helps to protect the server from any attacks that might try to decipher the keys.

    For more information about refreshing the database encryption keys, refer to the Backup Exec Administrator's Guide.