Yes, I recently started.
It is one chapter in the Security
and Encryption book, look for the book for the version you are running.
In the 6.5 it is chapter 6.
I have aix media servers so I
cannot do MESO
If I wanted to hardware encryption
using my IBM library I would have to PAY IBM a lot of money Plus get the Tivoli
key management system.
Kms comes with NB.
I just went to my library and
turned on “Application Managed Encryption”
Then I setup the kms database and
made my volume pools
NOTE: in 6.5.5 you can only
use 2 encrypted volume pools. In 7.0 you can use 20.
So now I am doing hardware
encryption – that is where all the work is done on the tape drive –
it also does my compression so no extra over head on my master or media.
Read the chapter carefully –
Make sure that the kms dir is not
put on your catalog tape, and do no encrypt the catalog tape ( that’s like
locking your keys in the car)
I have two sites.
I made my kms on one master, then
just copied the database to the other master, this way I know all encrypted key
tags match and I can read encrypted tapes at both sites.
Once reading the chapter I saw how
easy it really was.
Just make sure you document you
password strings and keep them in a secure place – not in just any file
on disk where someone else could find them.
From:
veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Abhishek
Dhingra1
Sent: Tuesday, June 15, 2010 12:10 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] KMS encryption
Hi,,
Has anyone ever used Netbackup 6.5 internal KMS encryption feature.
Pls share the
documents link of KMS and also wanted to know merits and demerits of using KMS
encryption.
Hope some one
have used KMS and could help me.
Rgds
A D
Email : abhishek.dhingra AT in.ibm DOT com