Veritas NetBackup™ Administrator's Guide, Volume I

About NetBackup encryption options

NetBackup provides several methods for encrypting backups, as described in the following table.

Table: NetBackup encryption options

| Option | Description |
|---|---|
| Client encryption | The NetBackup client encryption option is a software-based solution that encrypts the data on the client. The data is encrypted in transit and at rest. Each client manages its own encryption keys. To enable client encryption, select the backup policy Encryption attribute. See Encryption (policy attribute). |
| Tape drive encryption | With hardware-based tape drive encryption, an encrypting tape drive encrypts the data. The data is encrypted at rest only. See the "Data at rest key management" chapter in the NetBackup Security and Encryption Guide. One method to manage the volumes for hardware-based tape encryption is to use a reserved prefix on the volume pool name. The storage device must have encrypting tape drives. The storage unit must specify the storage device that has the encrypting tape drives. The backup policy must specify the correct storage unit and volume pool. See About reserved volume pool name prefixes. |
| AdvancedDisk encryption | A plug-in in the NetBackup OpenStorage stack encrypts the data. The data is encrypted at rest only. See the NetBackup AdvancedDisk Storage Solutions Guide. |
| Cloud storage encryption | A plug-in in the NetBackup OpenStorage stack encrypts the data. The data is encrypted at rest only (by default, NetBackup uses SSL for read and write operations). See the NetBackup Cloud Administrator's Guide. |
| Cloud Catalyst encryption | The MSDP deduplication plug-in encrypts the data for Cloud Catalyst. The data is encrypted in transit and at rest. The NetBackup KMS (NBKMS) manages the encryption keys. See the NetBackup Deduplication Guide and NetBackup Cloud Administrator's Guide. |
| Media Server Deduplication Pool encryption | The MSDP deduplication plug-in encrypts the data. The data can be encrypted in transit and at rest or at rest only. The NetBackup deduplication plug-in manages the encryption keys. See the NetBackup Deduplication Guide. |
