Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ AdvancedDisk Storage Solutions Guide
  5. Configuring AdvancedDisk
  7. Configuring key management for NetBackup AdvancedDisk storage encryption
  9. Setting up the KMS database for NetBackup AdvancedDisk storage encryption
Veritas NetBackup™ AdvancedDisk Storage Solutions Guide

Setting up the KMS database for NetBackup AdvancedDisk storage encryption

Setting up the KMS database is the first task in the process of configuring the NetBackup Key Management Service by using NetBackup commands.

To set up the KMS database

  1. On the NetBackup master server, create the KMS database by running the nbkms command with the -createemptydb option, as follows:

    UNIX: /usr/openv/netbackup/bin/nbkms -createemptydb

    Windows: install_path\Veritas\NetBackup\bin\nbkms.exe -createemptydb

    The following prompt appears:

    Enter the Host Master Key (HMK) passphrase (or hit ENTER to use a 
randomly generated HMK). The passphrase will not be displayed on 
the screen.
Enter passphrase :
  2. Enter a pass phrase for the host master key (HMK) or press Enter to create a randomly generated key.

    After you enter the Host Master Key pass phrase, the following prompt appears:

    An ID will be associated with the Host Master Key (HMK) just 
created. The ID will assist you in determining the HMK associated 
with any key store.
Enter HMK ID :
  3. Enter an ID for the HMK. This ID can be anything descriptive that you want to use to identify the HMK.

    After you enter the Host Master Key ID, the following prompt appears:

    Enter the Key Protection Key (KPK) passphrase (or hit ENTER to 
use a randomly generated KPK). The passphrase will not be 
displayed on the screen.
Enter passphrase :
  4. Enter a pass phrase for the Key Protection Key or press Enter to create a randomly generated key.

    After you enter the Key Protection Key pass phrase, the following prompt appears:

    An ID will be associated with the Key Protection Key (KPK) just 
created. The ID will assist you in determining the KPK associated 
with any key store.
Enter KPK ID :
  5. Enter an ID for the KPK. The ID can be anything descriptive that you want to use to identify the KPK.
  6. Start the NetBackup Key Management Service on the master server. You can do so in the Activity Monitor of the NetBackup Administration Console.

    After you start the service, the initial database setup is complete.

  7. After you set up the database, create key groups for the volumes in the disk pool.

    See Creating a KMS key group for NetBackup AdvancedDisk storage encryption.

More Information

Configuring key management for NetBackup AdvancedDisk storage encryption

Feedback

Was this page helpful?
Previous

Configuring key management for NetBackup AdvancedDisk storage encryption

Next

Creating a KMS key group for NetBackup AdvancedDisk storage encryption

Feedback

Was this page helpful?