Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Deduplication Guide
  5. Configuring deduplication
  7. About MSDP Encryption using KMS service
Veritas NetBackup™ Deduplication Guide

About MSDP Encryption using KMS service

NetBackup incorporates Key Management Server (KMS) with Media Server Deduplication Pool.

MSDP encryption carries out segment-level encryption and assigns a unique encryption key for every data segment. A customer key is retrieved from NetBackup KMS to encrypt the segment key. The customer key is refreshed regularly and KMS service rotates the user key frequently (every 3 months by default).

You can configure the KMS service from the NetBackup Administration Console or the NetBackup command line during storage server configuration.

Note:

You cannot disable the MSDP KMS service once you enable it.

You can use the following commands to get the status of the KMS mode:

  • For UNIX:

    /usr/openv/pdde/pdcr/bin/crcontrol --getmode

  • For Windows:

    <install_path>\Veritas\pdde\crcontrol.exe --getmode

For enabling KMS, refer to the following topics:

More Information

Configuring a storage server for a Media Server Deduplication Pool

Feedback

Was this page helpful?
Previous

Enabling 96-TB support for MSDP

Next

Upgrading KMS for MSDP

Feedback

Was this page helpful?