BackPak H4.00 Catalog Sync Option

Disaster/Recovery Option Description

17 BackPak H4.00 Catalog Sync Option

Considerations for encrypted volumes

If the volumes were written with encryption, the encryption key is needed to restore

on the secondary side.

BackBox encryption keys are always stored in a tier-party Key manager such as HP

ESKM or KMIP compatible Key manager.

Typically, using duplication tools imbedded in the Key manager, the user enables the

duplication of encryption keys created on the primary side into an alternate Key

manager server available on the secondary site.

This key replication is transparent to BackPak/BackBox.

***

Using the same Key manager from the secondary side can be configured, but

acceptable only if this secondary side is used for data sharing only, not for Catalog

Sync.

BackPak does not support encryption in RESTRICTED data stores.

For SECONDARY Data stores, the BackPak catalogue contains the BackPak Key

manager ID that stored the encryption key at backup time, volume per volume.

In the domain on the secondary side, the same Key manager IDs must be configured

for the local VTCs and for pointing to the alternate Key manager that contains the

duplicated keys. The procedure describing this activity is in the

BackBox User

Manual, Configuration Chapter.

The report BB038 can be used on the secondary side to identify all Key manager IDs

required for all encrypted volumes.

It is also a good idea to specify the Key Manager ID in the volume groups of the

secondary side, although it will be used only when the user promotes the data store

to PRIMARY access and runs backups in this environment.