Set the passphrase to encrypt disaster recovery packages
During each catalog backup, a disaster recovery package is created and encrypted with the passphrase that you set. If you need to perform disaster recovery, you need to provide this encryption passphrase when you install NetBackup on the primary server in the disaster recovery mode.
If you do not set a passphrase before you run a catalog backup, the following points apply:
NetBackup prevents you from configuring a new catalog backup policy.
If the catalog backup policy is upgraded from a previous version, catalog backups continue to fail until the passphrase is set.
Note:
Catalog backups may fail with status code 144 even though the passphrase is set. This situation occurs because the passphrase may be corrupted. To resolve this issue, you must reset the passphrase.
Caution:
Ensure that the passphrase contains only the supported characters. If you enter a character that is not supported, you may face problems during disaster recovery package restore. The passphrase may not be validated and you may not be able to restore the disaster recovery package.
Before you modify the passphrase, review the following information:
See Notes for modifying the passphrase for the disaster recovery packages.
To set or modify the passphrase (NetBackup web UI)
- Open the NetBackup web UI.
- At the top, select Settings > Global security.
- Select Disaster recovery.
- Enter and confirm the passphrase.
Review the following password rules:
The existing passphrase and the new passphrase must be different.
By default, the passphrase must contain a minimum of 8 and a maximum of 1024 characters.
You can set the passphrase constraints using the nbseccmd -setpassphraseconstraints command option.
Only the following characters are supported for the passphrase: White spaces, uppercase characters (A to Z), lowercase characters (a to z), numbers (0 to 9), and special characters.
Special characters include: ~ ! @ # $ % ^ & * ( ) _ + - = ` { } [ ] | : ; ' , . / ? < > "
Caution:
If you enter a character that is not supported, you may face problems during disaster recovery package restore. The passphrase may not be validated and you may not be able to restore the disaster recovery package.
- Select Save. If the passphrase already exists, it is overwritten.
Before you modify the passphrase, review the following information:
See Notes for modifying the passphrase for the disaster recovery packages.
To set or modify the passphrase using the command-line interface
- The NetBackup administrator must be logged on to the NetBackup Web Management Service to perform this task. Use the following command to log on:
bpnbat -login -loginType WEB
- Run the following command to set a passphrase to encrypt disaster recovery packages:
nbseccmd -drpkgpassphrase
- Enter the passphrase.
If a passphrase already exists, it is overwritten.
Consider the following points before you modify the passphrase:
Subsequent disaster recovery packages are encrypted with the new passphrase that you set.
If you change the passphrase anytime, it is not changed for the previous disaster recovery packages. Only new disaster recovery packages are associated with the new passphrase.
The passphrase that you provide when you install NetBackup on the primary server in a disaster recovery mode after a disaster must correspond to the disaster recovery package from which you want to recover the primary server host identity.