Veritas NetBackup™ AdvancedDisk Storage Solutions Guide
- Introducing AdvancedDisk
- Licensing AdvancedDisk
- Configuring AdvancedDisk
- Configuring key management for NetBackup AdvancedDisk storage encryption
- Configuring an AdvancedDisk storage server
- Configuring an AdvancedDisk disk pool
- Configuring an AdvancedDisk storage unit
- Creating a storage lifecycle policy
- Managing AdvancedDisk
- Managing AdvancedDisk storage servers
- Managing AdvancedDisk disk pools
- Displaying detailed AdvancedDisk storage usage information
- Toubleshooting AdvancedDisk
- About unified logging
- About legacy logging
About key management for encryption of NetBackup AdvancedDisk storage
NetBackup uses the Key Management Service (KMS) to manage the keys for the data encryption for disk storage. KMS is a NetBackup master server-based symmetric key management service. The service runs on the NetBackup master server. An additional license is not required to use the KMS functionality.
NetBackup uses KMS to manage the encryption keys for AdvancedDisk storage.
The following table describes the encryption keys that are required for the KMS database.
Table: Encryption keys required for the KMS database
Host Master Key
The Host Master Key protects the key database. The Host Master Key requires a pass phrase and an ID. KMS uses the pass phrase to generate the key.
Key Protection Key
A Key Protection Key protects individual records in the key database. The Key Protection Key requires a pass phrase and an ID. KMS uses the pass phrase to generate the key.
The following table describes the encryption keys that are required for each storage server and volume combination.
Table: Encryption keys required for each storage server and volume combination
A key group
A key group key protects the key group. Each storage server and volume combination requires a key group, and each key group key requires a pass phrase. The key group name must use the format for the storage type that is described as follows:
For AdvancedDisk storage, the format depends on the operating system type that hosts the storage, as follows:
A key record
Each key group that you create requires a key record. A key record stores the actual key that protects the data for the storage server and volume.
More information about KMS is available in the NetBackup Security and Encryption Guide: