Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section III. Encryption of data at rest
  4. External key management service configuration in NetBackup
  5. Working with external KMS during backup and restore
  6. FETCH_MSDP_EKMS_KEY for NetBackup servers and clients
NetBackup™ Security and Encryption Guide

FETCH_MSDP_EKMS_KEY for NetBackup servers and clients

Starting with NetBackup 11.1, the KMIP Encrypt/Decrypt operations are preferably used to communicate with an external KMS server. If the KMS server does not support the Encrypt/Decrypt operations, NetBackup automatically starts using the GetKey operation to communicate with the KMS server.

With the GetKey operation, the key is transferred from KMS server to NetBackup primary server and this may cause security issues.

Set the FETCH_MSDP_EKMS_KEY configuration option to '0' or 'False' to disable the transfer of the key from the KMS server to the NetBackup primary server.

Table:

Usage

Description

Where to use

On NetBackup primary servers.

How to use

Use the nbgetconfig and the nbsetconfig commands to view, add, or change the option.

For information about these commands, see the NetBackup Commands Reference Guide.

To disable the transfer of a key from KMS server to NetBackup primary server., use the following format:

FETCH_MSDP_EKMS_KEY = 0

Equivalent NetBackup web UI property

No equivalent property in the web UI.

Feedback

Was this page helpful?
Previous

Additional security considerations for MSDP media servers

Next

Checking the compatibility of KMS vendor with NetBackup

Feedback

Was this page helpful?