FETCH_MSDP_EKMS_KEY for NetBackup servers and clients
Starting with NetBackup 11.1, NetBackup prefers the KMIP Encrypt/Decrypt operations when it communicates with an external KMS server. If the KMS server does not support the Encrypt/Decrypt operations, NetBackup automatically falls back to the GetKey operation to communicate with the KMS server.
With the GetKey operation, the key is transferred from the KMS server to the NetBackup primary server, and this may cause security issues.
Set the FETCH_MSDP_EKMS_KEY configuration option to '0' or 'False' to disable the transfer of the key from the KMS server to the NetBackup primary server.
| Usage | Description |
|---|---|
| Where to use | On NetBackup primary servers. |
| How to use | Use the nbgetconfig and the nbsetconfig commands to view, add, or change the option. For information about these commands, see the NetBackup Commands Reference Guide. To disable the transfer of a key from the KMS server to the NetBackup primary server, use the following format: FETCH_MSDP_EKMS_KEY = 0 |
| Equivalent NetBackup web UI property | No equivalent property in the web UI. |
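
One way to audit the setting on a primary server, as an added example that is not part of the NetBackup documentation: the function below reads configuration lines in the `OPTION = value` format shown above and reports whether FETCH_MSDP_EKMS_KEY is explicitly disabled. The function names and the `EXAMPLE_OPTION` line are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not NetBackup code): audit FETCH_MSDP_EKMS_KEY in
# "OPTION = value" lines read from stdin.

# Prints "disabled", "unset", or "other:<value>".
# Only the documented values 0 and False count as disabled. If the option
# appears more than once, every occurrence must be disabled (conservative).
fetch_key_state() {
    awk '
        index($0, "=") == 0 { next }          # not an OPTION = value line
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)    # trim the option name
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)  # trim the value, drop CR
            if (key != "FETCH_MSDP_EKMS_KEY") next
            seen = 1
            if (val != "0" && val != "False" && !isbad) {
                isbad = 1
                badval = val                    # first offending value
            }
        }
        END {
            if (!seen)      print "unset"
            else if (isbad) print "other:" badval
            else            print "disabled"
        }'
}

# Exit status 0 only when the option is explicitly disabled.
fetch_key_disabled() {
    [ "$(fetch_key_state)" = "disabled" ]
}

# Constructed sample input; EXAMPLE_OPTION is a placeholder, not a real option.
SAMPLE='EXAMPLE_OPTION = 1
FETCH_MSDP_EKMS_KEY = 0'

printf '%s\n' "$SAMPLE" | fetch_key_state
```

On a primary server, pipe the output of nbgetconfig into `fetch_key_disabled` and treat a non-zero exit status as a finding to review.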