(1 votes, average: 5.00 out of 5)

1 Netbackup KMS Setup
2 KMS Database recovery
- 2.1 Recovery option 1
- 2.2 Recovery option 2
  - 2.2.1 To Backup the Database
  - 2.2.2 To Restore the Database

Netbackup KMS Setup

Create Empty KMS Database

# /usr/openv/netbackup/bin/nbkms -createemptydb
A pre-existing KMS database was found. Overwrite (yes/no)? : yes
 
Enter the Host Master Key (HMK) passphrase (or hit ENTER to use a randomly
generated HMK). The passphrase will not be displayed on the screen.
Enter passphrase : 
Re-enter passphrase : 
 
An ID will be associated with the Host Master Key (HMK) just created. The ID
will assist you in determining the HMK associated with any key store.
Enter HMK ID : devtech-hmk
 
Enter the Key Protection Key (KPK) passphrase (or hit ENTER to use a randomly
generated KPK). The passphrase will not be displayed on the screen.
Enter passphrase :
Re-enter passphrase :
 
An ID will be associated with the Key Protection Key (KPK) just created. The
ID will assist you in determining the KPK associated with any key store.
Enter KPK ID : devtech-kpk
 
Operation successfully completed

Start KMS Service

/usr/openv/netbackup/bin/nbkms

Create Key Group

/usr/openv/netbackup/bin/admincmd/nbkmsutil -createkg -kgname ENCR_Vault

Create and Activate a New Key

/usr/openv/netbackup/bin/admincmd/nbkmsutil -createkey -keyname jul2009 -kgname ENCR_Vault -activate

Create a Volume Group Matching the Key Group

/usr/openv/volmgr/bin/vmpool -create -pn ENCR_Vault -description "encrypted offsite"

List All Keys

/usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname ENCR_Vault

You will need the Key Tag and the Key Name for recovery option 1 below

KMS Database recovery

Recovery option 1

Example keys

DC1 keyname & tag
/usr/openv/netbackup/bin/admincmd/nbkmsutil -recoverkey -keyname jul2009 -kgname ENCR_Vault -tag e190ffe339b191879cded1440b1454cbfcd40dd9f1c95ae348289f0ed49bce43
 
DC2 keyname & tag
/usr/openv/netbackup/bin/admincmd/nbkmsutil -recoverkey -keyname dec2009 -kgname ENCR_BNY -tag 1e1edcf39c5222887679da57075e5b2cb568293133ab77a9604607526a89d3dd

Verify that all your keys are restored

/usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname ENCR_Vault

Recovery option 2

To Backup the Database

/usr/openv/netbackup/bin/admincmd/nbkmsutil -quiescedb
cd /catalog/
tar cf kms_071409.tar kms
/usr/openv/netbackup/bin/admincmd/nbkmsutil -unquiescedb

To Restore the Database

/usr/openv/netbackup/bin/nbkms -terminate
cd /catalog/
tar xf kms_071409.tar
/usr/openv/netbackup/bin/nbkms

Verify that all your keys are restored

/usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname ENCR_Vault

0 0 votes

Article Rating

Contents

Netbackup KMS Setup

Create Empty KMS Database

Start KMS Service

Create Key Group

Create and Activate a New Key

Create a Volume Group Matching the Key Group

List All Keys

KMS Database recovery

Recovery option 1

Recovery option 2

To Backup the Database

To Restore the Database

Like this:

Related

Contents

Netbackup KMS Setup

Create Empty KMS Database

Start KMS Service

Create Key Group

Create and Activate a New Key

Create a Volume Group Matching the Key Group

List All Keys

KMS Database recovery

Recovery option 1

Recovery option 2

To Backup the Database

To Restore the Database

Share this:

Like this:

Related