Updating encryption configurations for a cloud LSU
To enable KMS encryption configurations for a Cloud LSU, you can create a configuration file and then run nbdevconfig command.
Configuration file contents for updating encryption configurations are as follows:
Configuration setting | Description |
|---|---|
V7.5 "operation" "update-lsu-cloud" string | You can only update the KMS status from disabled to enabled. |
V7.5 "lsuName" " " string | Specifies the LSU name. |
V7.5 "lsuKmsEnable" "YES" string | Specifies the KMS status for the cloud LSU. |
V7.5 "lsuKmsServerName" "" string | Optional value. KMS server name that is shared among all LSUs. |
V7.5 "lsuKmsKeyGroupName" "" string | Optional value. Key group name that is shared among all LSUs. Key group name must have valid characters: A-Z, a-z, 0-9, _ (underscore), - (hyphen), : (colon), . (period), and space. |
Example to enable KMS status from disabled status to enabled status for cloud LSU "s3amazon":
V7.5 "operation" "update-lsu-cloud" string V7.5 "lsuName" "s3amazon" string V7.5 "lsuKmsEnable" "YES" string V7.5 "lsuKmsServerName" "XXX" string V7.5 "lsuKmsKeyGroupName" "XXX" string
Note:
All encrypted LSUs in one storage server must use the same keygroupname and kmsservername. If you use the nbdevconfig command to add a new encrypted cloud Logical storage unit (LSU) and an encrypted LSU exists in this MSDP, the keygroupname must be the same as the keygroupname in the previous encrypted LSU.
For more information, See About MSDP Encryption using NetBackup Key Management Server service.
After creating the configuration file, run the following command:
# /usr/openv/netbackup/bin/admincmd/nbdevconfig -setconfig -storage_server <storage server> -stype PureDisk -configlist <configuration file path>