About external KMS for encryption of NetBackup cloud storage
NetBackup supports keys from external key management service (external KMS) server in case of cloud storage.
If external KMS is configured on the primary server, note the following:
No extra steps are required to configure external KMS in the Cloud Storage Server Configuration Wizard.
No extra steps are required to provide inputs for key passphrase in the Disk Pool Configuration Wizard.
Symmetric encryption key is required for each storage server and volume combination. Symmetric encryption key is not created on the external KMS server for each storage server and volume combination. You need to ensure that a Symmetric encryption key already exists on the external KMS server with a custom attribute with value of key group in the 'storage_server_name:volume_name' format.
More information about external KMS is available in the NetBackup Security and Encryption Guide.