Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. External key management service
  9. About external KMS
NetBackup™ Security and Encryption Guide

About external KMS

The external KMS support offers an alternative to the NetBackup key management service (KMS) for data-at-rest encryption keys.

Backup images that are stored on storage configurations like tape, cloud, MSDP, and AdvancedDisk can be encrypted using the keys that the external KMS server maintains.

NetBackup supports the communication with external KMS using Key Management Interoperability Protocol (KMIP).

See the NetBackup Compatibility List for the KMIP versions that NetBackup supports.

NetBackup supports the authentication with external KMS server using security certificates. During each operation, NetBackup presents the certificate to the external KMS and requests to perform the required operation. External KMS validates the certificate and performs that operation if the user has the required permissions.

See the video External KMS support in NetBackup for details.

Feedback

Was this page helpful?
Previous

External key management service

Next

Certificate configuration and authorization

Feedback

Was this page helpful?