What I think they are going for is the fact that tiviloi can have a bunch of keys and does a kind of round robbin with them so all the tapes do not have the same encrypted key That is a difference between kms - with NB kms if you have the key to that pool then you have the key to all the tapes in that pool Going the other way with a bunch of keys you would have to work to read each tape as they would have different encryptions
Comes down to how mich money and how strict you encryption needs are Then it could be in the future NB kms may offer that option at a price. (First one is free) ----- Original Message ----- From: veritas-bu-boun...@mailman.eng.auburn.edu <veritas-bu-boun...@mailman.eng.auburn.edu> To: veritas-bu@mailman.eng.auburn.edu <veritas-bu@mailman.eng.auburn.edu> Cc: abhishek.dhin...@in.ibm.co <abhishek.dhin...@in.ibm.co> Sent: Tue Jun 15 18:13:32 2010 Subject: Re: [Veritas-bu] Fw: KMS encryption > Today i tried configuring the KMS on my master > server(running on AIX). It worked perfectly fine, > i took help from veritas support and according to > them we can only keep one key in the key database, > it will always use the same key for encrypting the > data. Every time we need to change the encryption > key , we need to define the new key and deactivate > the one that> is activated. Either they were wrong or you misunderstood. You can have ten (from memory--it's in the book) keys in a keygroup. Only one key in each keygroup can be in the Active state, which is the key used for writing. The rest of the keys in a keybroup can be in the other states (pre-live, inactive, deprecated and terminated). All active AND inactive keys are available for decrypting; NetBackup matches the key-tag, which you can see in your database and in a NetBackup image list. _______________________________________________ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu _______________________________________________ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu