Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. External key management service
  9. Workflow for external KMS configuration
NetBackup™ Security and Encryption Guide

Workflow for external KMS configuration

For external KMS integration, centralized configuration on the NetBackup master server is used. The master server should establish an outbound connection with the KMIP port on the external KMS server. Configure the communication channel with external KMS on the master server with certificate credentials. The master server then sends all the requests to the external KMS servers on behalf of other servers such as media servers.

Table: Workflow to configure a KMS

Step number

Step

Reference topic

Step 1

Validate KMS credentials

See Validating KMS credentials.

Step 2

Configure KMS credentials

See Configuring KMS credentials.

Step 3

Configure KMS

See Configuring KMS.

Step 4

Create keys

See Creating keys in an external KMS.

Step 5

Configure storage

Refer to the NetBackup Administrator's Guide, Volume I.

Step 6

Configure policy

Refer to the NetBackup Administrator's Guide, Volume I.

Feedback

Was this page helpful?
Previous

Certificate configuration and authorization

Next

Validating KMS credentials

Feedback

Was this page helpful?