NetBackup™ Security and Encryption Guide

About cloud KMS

Along with NetBackup KMS and external KMS, NetBackup now supports cloud KMS to manage data-at-rest encryption keys.

The following cloud providers are supported for cloud KMS configuration in NetBackup:

  • Amazon Web Services (AWS)

  • Google Cloud Platform (GCP)

  • Microsoft Azure

Backup images stored on MSDP storage servers can be encrypted using keys that are maintained in the respective cloud KMS. NetBackup authenticates with the cloud KMS using credentials configured in the NetBackup Credential Management System.

Optionally, you can configure an HTTP or HTTPS proxy server to communicate with cloud KMS. Proxy server credentials are managed through the NetBackup Credential Management System using the NetBackup web UI.

Support information for cloud KMS configuration

Cloud KMS is supported only on MSDP storage servers. Tapes, advanced disks, and cloud storage servers are not supported.

  • Amazon Web Services (AWS)

    • Both symmetric and asymmetric RSA keys are supported.

    • For asymmetric RSA keys, RSA_OAEP and RSA_OAEP_256 algorithms are supported.

    • For symmetric keys, the AWS-managed symmetric encryption algorithm is used.

  • Google Cloud Platform (GCP)

    • Only symmetric keys are supported.

    • For symmetric keys, the Google-managed symmetric encryption algorithm is used.

  • Microsoft Azure

    • Only Key Vaults are supported.

    • Only asymmetric RSA keys are supported.

    • RSA_OAEP and RSA_OAEP_256 algorithms are supported.

    • Hardware Security Module (HSM)-backed keys are not supported.
