Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section III. Encryption of data at rest
  4. External key management service configuration in NetBackup
  5. Working with external KMS during backup and restore
  6. Additional security considerations for MSDP media servers
NetBackup™ Security and Encryption Guide

Additional security considerations for MSDP media servers

This information is applicable only for MSDP storage servers.

Starting with NetBackup 11.1, the KMIP Encrypt/Decrypt operations are preferably used to communicate with an external KMS server. If the KMS server does not support the Encrypt/Decrypt operations, NetBackup automatically starts using the GetKey operation to communicate with the KMS server.

With the GetKey operation, the key is transferred from KMS server to NetBackup primary server and this may cause security issues.

For enhanced security, you can configure NetBackup to disable the transfer of the key from the KMS server to the NetBackup primary server. The KMIP server must support the Encrypt/Decrypt operations for encryption and decryption to function as required.

See FETCH_MSDP_EKMS_KEY for NetBackup servers and clients.

Feedback

Was this page helpful?
Previous

Working with external KMS during backup and restore

Next

FETCH_MSDP_EKMS_KEY for NetBackup servers and clients

Feedback

Was this page helpful?