About key management for encryption of NetBackup AdvancedDisk storage
NetBackup uses the Key Management Service (KMS) to manage the keys for the data encryption for disk storage. KMS is a NetBackup master server-based symmetric key management service. The service runs on the NetBackup master server. An additional license is not required to use the KMS functionality.
NetBackup uses KMS to manage the encryption keys for AdvancedDisk storage.
See About data encryption for AdvancedDisk storage.
The following table describes the encryption keys that are required for the KMS database.
Table: Encryption keys required for the KMS database
Key | Description |
|---|---|
Host Master Key | The Host Master Key protects the key database. The Host Master Key requires a pass phrase and an ID. KMS uses the pass phrase to generate the key. |
Key Protection Key | A Key Protection Key protects individual records in the key database. The Key Protection Key requires a pass phrase and an ID. KMS uses the pass phrase to generate the key. |
The following table describes the encryption keys that are required for each storage server and volume combination.
Table: Encryption keys required for each storage server and volume combination
Key | Description |
|---|---|
A key group | A key group key protects the key group. Each storage server and volume combination requires a key group, and each key group key requires a pass phrase. The key group name must use the format for the storage type that is described as follows: For AdvancedDisk storage, the format depends on the operating system type that hosts the storage, as follows:
|
A key record | Each key group that you create requires a key record. A key record stores the actual key that protects the data for the storage server and volume. |
See Configuring key management for NetBackup AdvancedDisk storage encryption.
More information about KMS is available in the NetBackup Security and Encryption Guide: