NetBackup standard encryption restore process

The prerequisites for restoring a standard encrypted backup are as follows:

The encryption software must be loaded onto the client.
Note:
The encryption software is automatically installed with the NetBackup UNIX server and client installations.
A key file must exist. The key file is created when you run the bpkeyutil command from the server or from the client.

When the restore occurs, the server determines from the backup image whether the backup was encrypted. The server then connects to bpcd on the client to initiate the restore. The server sends to the client an encryption flag on the restore request.

When a backup takes place properly, the restore occurs as follows:

The server sends file names, attributes, and encrypted file data to the client to be restored.
If the client reads an encryption tar header, the client compares the checksum in the header with the checksums of the keys in the key file. If the one of the keys' checksum matches the header's checksum, NetBackup uses that key to decrypt the file data. It uses the cipher that is defined in the header.
The file is decrypted and restored if a key and cipher are available. If the key or cipher is not available, the file is not restored and an error message is generated.

NetBackup standard encryption restore process

Feedback

Feedback