Configuring encryption for MSDP local storage volume
Encrypting a key with another key is called envelop encryption. MSDP uses an envelope encryption.
More information is available on how to configure and to use KMS.
See About MSDP Encryption using NetBackup Key Management Server service.
For MSDP initial setup, you can use NetBackup web UI to configure encryption. Use the following steps manually to enable encryption for the existing systems. Once enabled, all data to the MSDP server local disk volume including NetBackup media servers, servers in opt-dup, servers in AIR, and client direct hosts is encrypted. You are not required to configure encryption at any other places.
Note:
The following steps are for MSDP local disk volume only. For MSDP cloud volume encryption, see the following topic.
To configure backup encryption for MSDP local storage volume
On the storage server, open the
contentrouter.cfgfile in a text editor; it resides in the following directory:(UNIX)
storage_path/etc/puredisk(Windows)
storage_path\etc\puredisk
- Add encrypt to the ServerOptions line of the file. For example:
ServerOptions=fast,verify_data_read,encrypt
Encryption is enabled for all the data that is stored on the server, which includes the MSDP storage server, the MSDP load-balancing servers, and the NetBackup Client Direct deduplication clients.
- Restart the MSDP services.
Note:
Encryption configuration using the pd.conf file needs changes in NetBackup media servers or clients, and its use is deprecated.