Converting the legacy KMS to KEK-based KMS

NetBackup 10.2 and earlier version use index-based KMS. Data containers written with the legacy index-based KMS can be converted to the current KEK-based KMS using the encryption crawler. This process may run concurrently with the normal NetBackup operations such as backups and restores. Best practice is to perform KMS conversion during a maintenance window. Conversion may take a very long time to complete since it depends on the amount of data that needs to be converted.

To convert the legacy KMS to KEK-based KMS

Reset the encryption crawler if it was used previously.
/usr/openv/pdde/pdcr/bin/crcontrol --encconvertreset
Run the following command to start the conversion process in MSDP.
/usr/openv/pdde/pdcr/bin/crcontrol --legacykmsconverton
Monitor the conversion progress.
/usr/openv/pdde/pdcr/bin/crcontrol --encconvertstate 2

Converting the legacy KMS to KEK-based KMS

Feedback

Feedback