Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section III. Encryption of data at rest
  4. External key management service
NetBackup™ Security and Encryption Guide

External key management service

This section includes the following topics:
  • About external KMS

  • Certificate configuration and authorization

  • Workflow for external KMS configuration

  • Validating KMS credentials

  • Configuring KMS credentials

  • Configuring KMS

  • Configuring keys in an external KMS for NetBackup consumption

  • Creating keys in an external KMS

  • Determining a key group name during storage configuration

  • Working with multiple KMS servers

  • Working with external KMS during backup and restore

  • Key rotation

  • Disaster recovery when catalog backup is encrypted using an external KMS server

  • Alerts for expiration of KMS credentials

Feedback

Was this page helpful?
Previous

Troubleshooting example - restore with an improper key record state

Next

About external KMS

Feedback

Was this page helpful?