Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Cloud Administrator's Guide
  5. Configuring cloud storage in NetBackup
  7. Configuring a storage server for cloud storage
  9. KMS database encryption settings
Veritas NetBackup™ Cloud Administrator's Guide

KMS database encryption settings

This section describes the settings to configure the NetBackup Key Management Service database and the encryption keys for your cloud storage. This information protects the database that contains the keys that NetBackup uses to encrypt the data. Key groups and key records also are required for encryption. The Cloud Storage Server Configuration Wizard and the Disk Pool Configuration Wizard configures the encryption for you.

Table: Required information for the encryption database

Field Name

Required information

KMS Server Name

This field displays the name of your NetBackup master server. You can only configure KMS on your master server. This field cannot be changed.

If KMS is not configured, this field displays <kms_server_name>.

Host Master Key (HMK) Passphrase

Enter the key that protects the database. In KMS terminology, the key is called a passphrase.

Re-enter HMK Passphrase

Re-enter the host master key.

Host Master Key ID

The ID is a label that you assign to the master key. The ID lets you identify the particular host master key. You are limited to 255 characters in this field.

To decipher the contents of a keystore file, you must identify the correct Key Protection Key and Host Master Key. These IDs are stored unencrypted in the keystore file header. You can select the correct ones even if you only have access to the keystore file. To perform a disaster recovery you must remember the correct IDs and the pass phrases that are associated with the files.

Key Protection Key (KPK) Passphrase

Enter the password that protects the individual records within the KMS database. In KMS terminology, the key is called a passphrase.

Re-enter KPK Passphrase

Re-enter the key protection password.

Key Protection Key ID

The ID is a label that you assign to the key. The ID lets you identify the particular key protection key. You are limited to 255 characters in this field.

To decipher the contents of a keystore file, you must identify the correct Key Protection Key and Host Master Key. These IDs are stored unencrypted in the keystore file header. You can select the correct ones even if you only have access to the keystore file. To perform a disaster recovery you must remember the correct IDs and the pass phrases that are associated with the files.

After you configure the storage server and disk pool, it is recommended that you save a record of the key names.

See Saving a record of the KMS key names for NetBackup cloud storage encryption.

Feedback

Was this page helpful?
Previous

Configuring a storage server for cloud storage

Next

Assigning a storage class to Amazon cloud storage

Feedback

Was this page helpful?