Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section III. Encryption of data at rest
  4. External key management service configuration in NetBackup
  5. Checking the compatibility of KMS vendor with NetBackup
NetBackup™ Security and Encryption Guide

Checking the compatibility of KMS vendor with NetBackup

Check the compatibility of the KMS vendor with NetBackup for successful configuration of KMS in your environment.

See Configuring KMS credentials.

See Configuring KMS.

To check the compatibility of KMS vendor with NetBackup

  1. Ensure that you to have the administrative privileges or the permissions from the KMS administrator to perform KMIP compatibility operations on the KMS.
  2. Run the following command:

    nbkmiputil -ekmsCheckCompat|-ecc -extended -kmsServer kms_server_name -port port -certPath cert_path -privateKeyPath private_key_path -truststorepath trust_store_path

    The -ekmsCheckCompat command option is useful when the KMS vendor is not listed as a supported KMS vendor in the NetBackup hardware compatibility list and you want to verify the compatibility of the vendor with NetBackup.

    The command checks for issues related to execution of the KMIP operation on the given KMS sever and the supported KMIP protocol versions.

    The following validations and tasks are carried out when you run the command:

    • Checking KMIP version compatibility

    • Fetching server details

    • Validating KMIP operation

    • Creating keys

    • Deactivating keys

    • Compromising keys

    • Fetching active keys by key groups

    • Fetching NetBackup keys by key IDs

    • Setting key attributes

    • Fetching NetBackup keys based on attributes

    • Retrieving attributes that are set for a key from the server and verifying them

    • Destroying keys that were created by this command option

  3. If a check fails, contact Cohesity Technical Support.
  4. If the check passes, contact Cohesity Technical Support to add this KMS vendor in the NetBackup hardware compatibility list.

Feedback

Was this page helpful?
Previous

FETCH_MSDP_EKMS_KEY for NetBackup servers and clients

Next

Key rotation

Feedback

Was this page helpful?