About pushing the legacy encryption configuration to clients

You can use the -crypt_option and -crypt_strength options on the bpinst command to set encryption-related configuration on NetBackup clients as follows:

The -crypt_option option specifies whether the client should deny encrypted backups (denied), allow encrypted backups (allowed), or require encrypted backups (required).
The -crypt_strength option specifies the DES key length (40 or 56) that the client should use for encrypted backups.

To install the encryption client software and require encrypted backups with a 56-bit DES key, use the following command from the server:

bpinst -LEGACY_CRYPT -crypt_option required -crypt_strength des_56 \ 
-policy_names policy1 policy2

The example uses a UNIX continuation character (\) because it is long. To allow either encrypted or non-encrypted backups with a 40-bit DES key, use the following command:

bpinst -LEGACY_CRYPT -crypt_option allowed -crypt_strength des_40 \ 
client1 client2

In clustered environments you can do the following:

Push the configuration to the client only from the active node.
Specify the host names of the individual nodes (not the virtual names) in the list of clients.

Note:

The primary server USE_VXSS setting in bp.conf should be set to AUTOMATIC. Use this setting when pushing from an NBAC enabled primary to a host that does not have NetBackup previously installed. Also use this setting when NBAC has not enabled the primary server'sUSE_VXSS setting in bp.conf.

About pushing the legacy encryption configuration to clients

Feedback

Feedback