On 11/30/2011 11:02 AM, smpt wrote: > • Disaster recovery is not supported with encrypted backups. > Therefore you must not encrypt backups used for Disaster Recovery restore > > This is true only if you do not replicate the keys. With library KMS you must > have a replicated KMS and with netbackup KMS you have to replicate or backup > the keys (unencrypted backup) >
The NBU KMS db is small and static (Only changes when you run the kms commands to move keys through lifecycle stages, or add new keys). This is easy to keep synchronized with your recovery master server provided you have network connectivity. If you need to do tape transport only to your recovery site, you may need to devise another way to have the keys available for personnel to enter. You need to know the keygroup names, the passphrase that generates the key and the key tag, and you can re-enter them into KMS on the bare install master before starting the catalog recovery. _______________________________________________ Veritas-bu maillist - [email protected] http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
