Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Veritas NetBackup™ Security and Encryption Guide
  3. Section III. Encryption of data at rest
  4. NetBackup key management service
  5. About the Key Management Service (KMS)
  6. About writing an encrypted tape
Veritas NetBackup™ Security and Encryption Guide

About writing an encrypted tape

BPTM receives a request to write to a tape and to use a tape from a volume pool with the ENCR_ name prefix. The ENCR_ prefix is a signal to BPTM that the information to be written to tape is to be encrypted.

BPTM contacts KMS and requests an encryption key from the key group with a name that matches the name of the volume pool.

KMS hands back to BPTM an encryption key and a key identifier (known as the encryption key tag).

BPTM places the drive in encryption mode and registers the key tag and identifier tag with the drive. This process is all done with the SCSI security protocol in or out command that has been added to the SCSI specification.

The backup then proceeds as normal.

When the backup is complete, BPTM unregisters the key and tag with the drive and sets the drive back into regular mode.

BPTM then records the tag in the NetBackup image record catalog.

Figure: Process flow for writing an encrypted tape shows how the process flows.

Figure: Process flow for writing an encrypted tape

Process flow for writing an encrypted tape

Feedback

Was this page helpful?
Previous

KMS principles of operation

Next

About reading an encrypted tape

Feedback

Was this page helpful?