Hi,
I am in need of some assistance/ guidance with KMS encryption. Recently, we have configured a test backup job with encryption using Key:
Environment
Netbackup Master Server version: 7.6.0.1
Volume Pool: ENCR_prod
Backup policy: Created 2 test policies, one for backing up policy type "MS-Windows" and the other "NDMP" with different sets of folders. Reason being, we wanted to test KMS capability to back up both normal Windows file shares and CIFS shares via NDMP backup.
To verify the backup images were encrypted, I checked the "Image on Tape" report via NBU Administration Console and I can see that the backed up images were encrypted with a unique key identifier on each tape media (under "Encryption Key Tag" column with 256 bit, 64 characters).
Question
How do we configure the volume pool (if possible) so that any available media can be used between encrypted/non-encrypted backup job? As we have had to defined the volume pool specifically to use "ENCR_xxxx" as part of the KMS backup requirement, we had to manually assign separate media (tape, in our case) just to perform a particular backup selection, hence consuming additional tapes which is not ideal in our situation.
From what I understand Netbackup looks specifically at the volume pool with the prefix "ENCR_xxxx" when the back up job is initiated, and unless there is a tape assigned to the "ENCR_prod" pool in our case, the backup job will fail. Is there an alternate way (using KMS) to share both encrypted and non-encrypted back up jobs?
Any assistance is much appreciated.
Thank you.