Creating a KMS key group for NetBackup AdvancedDisk storage encryption
Creating a KMS key group is the second task in the process of configuring the NetBackup Key Management Service manually.
A key group is a container for key records. Each storage server and volume combination requires a key group in the following format:
UNIX storage: storage_server_name:volume_name
Windows storage: storage_server_name:
To create a KMS key group
- On the NetBackup master server, create a key group by using the nbkmsutil command and the -createkg option. The format of the command depends on the operating system of the host or hosts to which the storage is attached, as follows:
Storage on UNIX:
/usr/openv/netbackup/bin/admincmd/nbkmsutil -createkg -kgname storage_server_name:volume_name
Storage on Windows:
install_path\Veritas\NetBackup\bin\admincmd\nbkmsutil -createkg -kgname storage_server_name:
The following is the criteria for the key group name:
For the storage_server_name, you must use the same name that you use for the storage server. The name can be a fully-qualified domain name or a short name, but it must be the same as the storage server.
The colon (:) is required after the storage_server_name.
For the volume_name on UNIX host storage, specify the name of the last directory in the storage path. For example, use
backupsif the storage path is/mnt/disk/backups.Storage hosted on windows servers does not require a volume_name.
- After you create the key groups, create a key record for each group.
See Creating a KMS key for NetBackup AdvancedDisk storage encryption.