Performing the KMS key rotation
This process may run concurrently with the normal NetBackup operations such as backups and restores. However, best practice is to perform KMS key rotation during a maintenance window. KMS key rotation should complete quickly.
To perform the KMS key rotation
- Ensure that you have created a new KMS key on the KMS service you configured MSDP to use.
- Run the following command to start the KMS key rotation process in MSDP.
/usr/openv/pdde/pdcr/bin/crcontrol --kmskeyrotation
- Use kek_tag_reporting tool to verify that a new KMS key is updated.
/usr/openv/pdde/pdcr/bin/kek_tag_reporting.py -r
/usr/openv/netbackup/bin/nbkmscmd -listKeys -name nbkms