subject:"\[Veritas\-bu\] KMS encryption"

[Veritas-bu] KMS encryption

2010-06-15 Thread Abhishek Dhingra1

Hi,,

Has anyone ever used Netbackup 6.5 internal KMS encryption feature. 

Pls share the documents link of KMS and also wanted to know merits and 
demerits of using KMS encryption.

Hope some one have used KMS and could help me.

Rgds
A D
Email : abhishek.dhin...@in.ibm.com
___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-06-15 Thread judy_hinchcliffe

Yes, I recently started.

It is one chapter in the Security and Encryption book, look for the book for 
the version you are running.  In the 6.5 it is chapter 6.


I have aix media servers so I cannot do MESO

If I wanted to hardware encryption using my IBM library I would have to PAY IBM 
a lot of money Plus get the Tivoli key management system.

Kms comes with NB.
I just went to my library and turned on Application Managed Encryption
Then I setup the kms database and made my volume pools
NOTE:  in 6.5.5 you can only use 2 encrypted volume pools.  In 7.0 you can use 
20.

So now I am doing hardware encryption - that is where all the work is done on 
the tape drive - it also does my compression  so no extra over head on my 
master or media.

Read the chapter carefully -
Make sure that the kms dir is not put on your catalog tape, and do no encrypt 
the catalog tape ( that's like locking your keys in the car)
I have two sites.
I made my kms on one master, then just copied the database to the other master, 
this way I know all encrypted key tags match and I can read encrypted tapes at 
both sites.

Once reading the chapter I saw how easy it really was.

Just make sure you document you password strings and keep them in a secure 
place - not in just any file on disk where someone else could find them.
From: veritas-bu-boun...@mailman.eng.auburn.edu 
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Abhishek 
Dhingra1
Sent: Tuesday, June 15, 2010 12:10 PM
To: veritas-bu@mailman.eng.auburn.edu
Subject: [Veritas-bu] KMS encryption


Hi,,

Has anyone ever used Netbackup 6.5 internal KMS encryption feature.

Pls share the documents link of KMS and also wanted to know merits and demerits 
of using KMS encryption.

Hope some one have used KMS and could help me.

Rgds
A D
Email : abhishek.dhin...@in.ibm.com
___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-06-15 Thread judy_hinchcliffe

You can have 1 key per volume pool.

So on  6.5.5 you can encrypt 2 pools.

You can have different encryption keys for each pool.  So I have 2 different 
key tags depending on which pool the tape belongs to.

In 7.0 you can have 20 pools, but again you can only have 1 active key per 
volume pool.

Now if you want to change your key, you have those “levels” of a key.
You take current key from active to inactive, and create a new active key for 
that pool.
An inactive key can be used to decrypt a tape.  So if you have a new active key 
you can still read the tapes made with the old key.
Where a deprecated key will stay in the database if you want it, but you cannot 
use it to write or read a tape.


You said: “in case if we don’t have encryption feature enabled at hardware on 
another site, is there any way to perform the restore.
“

No – that is the whole point of encryption.
You must have application managed encryption turned on at the other library ( 
this cost me nothing on my IBM TS3310)
And YOU MUST have the SAME keys on the database at the other site.
TEST TEST TEST  - before you start doing all your tapes verify that you can 
tape a tape made here and be able to restore it at your other site.  If you 
cannot read an encrypted tape at your DR site – then what is the point.  You 
want to lock others out of reading your tapes, not yourself.

The way to verify is when looking at your tapes and you see the encrypted key 
tag on the image.
Your kms database at your other site must have an exact matching key tag.

As kms is just a bunch of file…. You just copy that dir over to the other 
server.

The only issue right now for me is 2 volume pools.  I wanted 3, and had to put 
two groups of tapes into the same pool.
When I upgrade to 7.x I will get to break that group out again and have 3 
encrypted volume pools.

From: Abhishek Dhingra1 [mailto:abhishek.dhin...@in.ibm.com]
Sent: Tuesday, June 15, 2010 12:41 PM
To: Judy Hinchcliffe
Cc: veritas-bu@mailman.eng.auburn.edu
Subject: Fw: [Veritas-bu] KMS encryption


Thanks for the reply.

Today i tried configuring the KMS on my master server(running on AIX). It 
worked perfectly fine, i took help from veritas support and according to them 
we can only keep one key in the key database, it will always use the same key 
for encrypting the data. Every time we need to change the encryption key , we 
need to define the new key and deactivate the one that is activated.

Have you tried configuring more then one key at the same time.

Moreover doing restore on another site , will require encryption license to be 
applied on the tape library at another site, in case if we dont have encryption 
feature enabled at hardware on another site, is there any way to perform the 
restore.

Rgds
A D
Email : abhishek.dhin...@in.ibm.com

- Forwarded by Abhishek Dhingra1/India/IBM on 06/15/2010 11:05 PM -
judy_hinchcli...@administaff.com

06/15/2010 10:51 PM

To

Abhishek Dhingra1/India/i...@ibmin, veritas-bu@mailman.eng.auburn.edu

cc

Subject

RE: [Veritas-bu] KMS encryption







Yes, I recently started.

It is one chapter in the Security and Encryption book, look for the book for 
the version you are running.  In the 6.5 it is chapter 6.


I have aix media servers so I cannot do MESO

If I wanted to hardware encryption using my IBM library I would have to PAY IBM 
a lot of money Plus get the Tivoli key management system.

Kms comes with NB.
I just went to my library and turned on “Application Managed Encryption”
Then I setup the kms database and made my volume pools
NOTE:  in 6.5.5 you can only use 2 encrypted volume pools.  In 7.0 you can use 
20.

So now I am doing hardware encryption – that is where all the work is done on 
the tape drive – it also does my compression  so no extra over head on my 
master or media.

Read the chapter carefully –
Make sure that the kms dir is not put on your catalog tape, and do no encrypt 
the catalog tape ( that’s like locking your keys in the car)
I have two sites.
I made my kms on one master, then just copied the database to the other master, 
this way I know all encrypted key tags match and I can read encrypted tapes at 
both sites.

Once reading the chapter I saw how easy it really was.

Just make sure you document you password strings and keep them in a secure 
place – not in just any file on disk where someone else could find them.
From: veritas-bu-boun...@mailman.eng.auburn.edu 
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Abhishek 
Dhingra1
Sent: Tuesday, June 15, 2010 12:10 PM
To: veritas-bu@mailman.eng.auburn.edu
Subject: [Veritas-bu] KMS encryption


Hi,,

   Has anyone ever used Netbackup 6.5 internal KMS encryption feature.

Pls share the documents link of KMS and also wanted to know merits and demerits 
of using KMS encryption.

Hope some one have used KMS and could help me.

Rgds
A D
Email : abhishek.dhin...@in.ibm.com
___
Veritas-bu maillist  -  Veritas-bu

Re: [Veritas-bu] KMS encryption

2010-06-15 Thread Adams, Dwayne

FYI...  I have heard that there is an Engineering Binary that your can
request from Symantec to give you more encrypted pools on 6.5.x.  

 

Dwayne Adams

 



From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of
judy_hinchcli...@administaff.com
Sent: Tuesday, June 15, 2010 12:27 PM
To: abhishek.dhin...@in.ibm.com
Cc: veritas-bu@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

You can have 1 key per volume pool.

 

So on  6.5.5 you can encrypt 2 pools.

 

You can have different encryption keys for each pool.  So I have 2
different key tags depending on which pool the tape belongs to.

 

In 7.0 you can have 20 pools, but again you can only have 1 active key
per volume pool.

 

Now if you want to change your key, you have those levels of a key.

You take current key from active to inactive, and create a new active
key for that pool.

An inactive key can be used to decrypt a tape.  So if you have a new
active key you can still read the tapes made with the old key.

Where a deprecated key will stay in the database if you want it, but you
cannot use it to write or read a tape.

 

 

You said: in case if we don't have encryption feature enabled at
hardware on another site, is there any way to perform the restore. 


 

No - that is the whole point of encryption.

You must have application managed encryption turned on at the other
library ( this cost me nothing on my IBM TS3310)

And YOU MUST have the SAME keys on the database at the other site.  

TEST TEST TEST  - before you start doing all your tapes verify that you
can tape a tape made here and be able to restore it at your other site.
If you cannot read an encrypted tape at your DR site - then what is the
point.  You want to lock others out of reading your tapes, not yourself.

 

The way to verify is when looking at your tapes and you see the
encrypted key tag on the image.

Your kms database at your other site must have an exact matching key
tag.

 

As kms is just a bunch of file You just copy that dir over to the
other server.

 

The only issue right now for me is 2 volume pools.  I wanted 3, and had
to put two groups of tapes into the same pool.

When I upgrade to 7.x I will get to break that group out again and have
3 encrypted volume pools.

 

From: Abhishek Dhingra1 [mailto:abhishek.dhin...@in.ibm.com] 
Sent: Tuesday, June 15, 2010 12:41 PM
To: Judy Hinchcliffe
Cc: veritas-bu@mailman.eng.auburn.edu
Subject: Fw: [Veritas-bu] KMS encryption

 


Thanks for the reply. 

Today i tried configuring the KMS on my master server(running on AIX).
It worked perfectly fine, i took help from veritas support and according
to them we can only keep one key in the key database, it will always use
the same key for encrypting the data. Every time we need to change the
encryption key , we need to define the new key and deactivate the one
that is activated. 

Have you tried configuring more then one key at the same time. 

Moreover doing restore on another site , will require encryption license
to be applied on the tape library at another site, in case if we dont
have encryption feature enabled at hardware on another site, is there
any way to perform the restore. 

Rgds
A D
Email : abhishek.dhin...@in.ibm.com

- Forwarded by Abhishek Dhingra1/India/IBM on 06/15/2010 11:05 PM
- 

judy_hinchcli...@administaff.com 

06/15/2010 10:51 PM 

To

Abhishek Dhingra1/India/i...@ibmin, veritas-bu@mailman.eng.auburn.edu 

cc

 

Subject

RE: [Veritas-bu] KMS encryption

 

 

 




Yes, I recently started. 
  
It is one chapter in the Security and Encryption book, look for the book
for the version you are running.  In the 6.5 it is chapter 6. 
  
  
I have aix media servers so I cannot do MESO 
  
If I wanted to hardware encryption using my IBM library I would have to
PAY IBM a lot of money Plus get the Tivoli key management system. 
  
Kms comes with NB. 
I just went to my library and turned on Application Managed Encryption

Then I setup the kms database and made my volume pools 
NOTE:  in 6.5.5 you can only use 2 encrypted volume pools.  In 7.0 you
can use 20. 
  
So now I am doing hardware encryption - that is where all the work is
done on the tape drive - it also does my compression  so no extra over
head on my master or media. 
  
Read the chapter carefully - 
Make sure that the kms dir is not put on your catalog tape, and do no
encrypt the catalog tape ( that's like locking your keys in the car) 
I have two sites. 
I made my kms on one master, then just copied the database to the other
master, this way I know all encrypted key tags match and I can read
encrypted tapes at both sites. 
  
Once reading the chapter I saw how easy it really was. 
  
Just make sure you document you password strings and keep them in a
secure place - not in just any file on disk where someone else could
find them. 
From: veritas-bu-boun...@mailman.eng.auburn.edu

Re: [Veritas-bu] KMS encryption

2010-06-15 Thread bob944

 I just went to my library and turned on Application
 Managed Encryption

Interesting.  Since NetBackup doesn't need anything but bptm and an
LTO4 to do KMS, do you know if your library somehow blocks that
process if that app managed crypto isn't turned on?

It's my understanding that the keytags and keys are handled in the
SCSI command stream between the media server and the drive.  Now I'm
wondering if there are libraries that snoop on the data stream and
detect/block those commands.  

In all this, I'm assuming your library and drives aren't set up with
the little add-on Ethernet cards that deliver the crypto from other
apps.


___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-15 Thread Adams, Dwayne

Final solution:

 

The solution was to update the firmware on the library and drives,
remove all the drive entries in NBU, uninstall/reinstall the tape and
changer drivers then rescan for devices in NBU.  This was a combination
of suggestions from DELL and Symantec.

 

Dwayne Adams

 



From: Adams, Dwayne 
Sent: Friday, April 02, 2010 9:12 AM
To: Adams, Dwayne; Chapman, Scott; Sedeora, Surjit S Mr CTR USA USA
Cc: judy_hinchcli...@administaff.com; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

Update:

 

I have talked to both Symantec and Dell.  Still trying to figure it
out...  Check out the difference in the information returned from manage
drive attributes Not sure why yet  It may be that the output is
different because fl1 suggests a LTO3 tape that does not support
encryption.  The issue seems to be that when LTO4 tapes are mounted they
are posted to bptm as LTO3 tapes.  The library mount logs show as
LTO4  Firmware and drivers are up to date.  NO_SIXTEEN_BYTE_CDB was
missing on the non-working media server and I added it but still no
go

 

Not working

 

08:43:35.573 [4732.1396] 2 check_touch_file: Found
D:\VERITAS\Volmgr\database\NO_SIXTEEN_BYTE_CDB from (roblib.c.6515)

08:43:35.573 [4732.1396] 2 manage_drive_attributes: report_attr, fl1
0x00010849, fl2 0x

08:43:35.573 [4732.1396] 2 send_MDS_msg: MEDIADB 1 51946 001343
4001359 *NULL* 6 1270222961 0 0 0 0 0 0 3 19 0 17 1024 0 0 0

08:43:35.620 [4732.1396] 2 vnet_vnetd_service_socket:
vnet_vnetd.c.2046: VN_REQUEST_SERVICE_SOCKET: 6 0x0006

08:43:35.620 [4732.1396] 2 vnet_vnetd_service_socket:
vnet_vnetd.c.2060: service: bpdbm

 

Working

 

06:00:55.819 [3840.3864] 2 io_open: SCSI RESERVE

06:00:55.835 [3840.3864] 2 check_touch_file: Found
D:\VERITAS\Volmgr\database\NO_SIXTEEN_BYTE_CDB from (roblib.c.6515)

06:00:55.835 [3840.3864] 2 manage_drive_attributes: report_attr, fl1
0x00030849, fl2 0x

06:00:55.835 [3840.3864] 2 manage_drive_attributes: encryption status:
nexus scope 1, key scope 1

06:00:55.835 [3840.3864] 2 manage_drive_attributes: encryp mode 0x0,
decryp mode 0x0, algorithm index 1, key instance 1459

06:00:55.835 [3840.3864] 2 io_open: file
D:\VERITAS\NetBackup\db\media\tpreq\drive_IBM.ULTRIUM-TD4.004
successfully opened (mode 2)

06:00:55.835 [3840.3864] 2 write_backup: media id 001137 mounted on
drive index 2, drivepath {2,0,2,0}, drivename IBM.ULTRIUM-TD4.004, copy
1

06:00:55.835 [3840.3864] 4 db_error_add_to_file: VBRT 1 3840 1 1
IBM.ULTRIUM-TD4.004 001137 0 1 0 0 0

 

Library mount logs...

 

-- Mount History -- : 

 

 

 #NO Thread Count Cart. Manu   Cart. S/NVolser Lib   Volser Host
Cart. GEN Code Level   DS-WRT DS-RD  

 1   5518 TDK  H9XQL8I414   001342L4
Gen 4 85 1d 38 1  0

 2   5510 FUJIFILM 079D106852000492L3
Gen 3 85 1d 38 40987  94

 3   5511 FUJIFILM 079D106852000492L3
Gen 3 85 1d 38 83 81

 4   5512 FUJIFILM 079D106852000492L3
Gen 3 85 1d 38 27 93

 5   5513 FUJIFILM 0796112369000446L3
Gen 3 85 1d 38 11774

 6   5514 FUJIFILM 0796112369000446L3
Gen 3 85 1d 38 4  68

 7   5515 FUJIFILM 073Q10812549L3
Gen 3 85 1d 38 30 73

 8   5516 TDK  H9XQL8E086   001343L4
Gen 4 85 1d 38 1  0

 9   5517 TDK  H9XQL8E086   001343L4
Gen 4 85 1d 38 0  1

 

Dwayne Adams



This email and any attachments are intended only for the named recipient
and may contain confidential and/or privileged material. Any
unauthorized copying, dissemination or other use by a person other than
the named recipient of this communication is prohibited. If you received
this in error or are not named as a recipient, please notify the sender
and destroy all copies of this email immediately.

2010 Olympic and Paralympic Logo | ICBC Logo http://icbc.com/ 

___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-02 Thread Adams, Dwayne

Update:

 

I have talked to both Symantec and Dell.  Still trying to figure it
out...  Check out the difference in the information returned from manage
drive attributes Not sure why yet  It may be that the output is
different because fl1 suggests a LTO3 tape that does not support
encryption.  The issue seems to be that when LTO4 tapes are mounted they
are posted to bptm as LTO3 tapes.  The library mount logs show as
LTO4  Firmware and drivers are up to date.  NO_SIXTEEN_BYTE_CDB was
missing on the non-working media server and I added it but still no
go

 

Not working

 

08:43:35.573 [4732.1396] 2 check_touch_file: Found
D:\VERITAS\Volmgr\database\NO_SIXTEEN_BYTE_CDB from (roblib.c.6515)

08:43:35.573 [4732.1396] 2 manage_drive_attributes: report_attr, fl1
0x00010849, fl2 0x

08:43:35.573 [4732.1396] 2 send_MDS_msg: MEDIADB 1 51946 001343
4001359 *NULL* 6 1270222961 0 0 0 0 0 0 3 19 0 17 1024 0 0 0

08:43:35.620 [4732.1396] 2 vnet_vnetd_service_socket:
vnet_vnetd.c.2046: VN_REQUEST_SERVICE_SOCKET: 6 0x0006

08:43:35.620 [4732.1396] 2 vnet_vnetd_service_socket:
vnet_vnetd.c.2060: service: bpdbm

 

Working

 

06:00:55.819 [3840.3864] 2 io_open: SCSI RESERVE

06:00:55.835 [3840.3864] 2 check_touch_file: Found
D:\VERITAS\Volmgr\database\NO_SIXTEEN_BYTE_CDB from (roblib.c.6515)

06:00:55.835 [3840.3864] 2 manage_drive_attributes: report_attr, fl1
0x00030849, fl2 0x

06:00:55.835 [3840.3864] 2 manage_drive_attributes: encryption status:
nexus scope 1, key scope 1

06:00:55.835 [3840.3864] 2 manage_drive_attributes: encryp mode 0x0,
decryp mode 0x0, algorithm index 1, key instance 1459

06:00:55.835 [3840.3864] 2 io_open: file
D:\VERITAS\NetBackup\db\media\tpreq\drive_IBM.ULTRIUM-TD4.004
successfully opened (mode 2)

06:00:55.835 [3840.3864] 2 write_backup: media id 001137 mounted on
drive index 2, drivepath {2,0,2,0}, drivename IBM.ULTRIUM-TD4.004, copy
1

06:00:55.835 [3840.3864] 4 db_error_add_to_file: VBRT 1 3840 1 1
IBM.ULTRIUM-TD4.004 001137 0 1 0 0 0

 

Library mount logs...

 

-- Mount History -- : 

 

 

 #NO Thread Count Cart. Manu   Cart. S/NVolser Lib   Volser Host
Cart. GEN Code Level   DS-WRT DS-RD  

 1   5518 TDK  H9XQL8I414   001342L4
Gen 4 85 1d 38 1  0

 2   5510 FUJIFILM 079D106852000492L3
Gen 3 85 1d 38 40987  94

 3   5511 FUJIFILM 079D106852000492L3
Gen 3 85 1d 38 83 81

 4   5512 FUJIFILM 079D106852000492L3
Gen 3 85 1d 38 27 93

 5   5513 FUJIFILM 0796112369000446L3
Gen 3 85 1d 38 11774

 6   5514 FUJIFILM 0796112369000446L3
Gen 3 85 1d 38 4  68

 7   5515 FUJIFILM 073Q10812549L3
Gen 3 85 1d 38 30 73

 8   5516 TDK  H9XQL8E086   001343L4
Gen 4 85 1d 38 1  0

 9   5517 TDK  H9XQL8E086   001343L4
Gen 4 85 1d 38 0  1

 

Dwayne Adams



This email and any attachments are intended only for the named recipient
and may contain confidential and/or privileged material. Any
unauthorized copying, dissemination or other use by a person other than
the named recipient of this communication is prohibited. If you received
this in error or are not named as a recipient, please notify the sender
and destroy all copies of this email immediately.

2010 Olympic and Paralympic Logo | ICBC Logo http://icbc.com/ 

___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread Adams, Dwayne

Hello,

 

Has anyone run into this issue with KMS?  I have setup KMS on my Master
Server and can encrypt data to the pools from my Master.  I get the
following error and the tape is frozen when I try to run an encrypted
job from my Media Server.  The bptm log says the tape is a LTO3 tape but
the tape is definitely a LTO4 tape.  I have read the Technote on this
but that is all I have found. 

 

http://seer.entsupport.symantec.com/docs/321244.htm

 

 

Thanks

 

Dwayne Adams

 

Encryption unavailable for an ENCR pool

 

4/1/2010 8:41:25 AM - started process bpbrm (1216)

4/1/2010 8:41:36 AM - connecting

4/1/2010 8:41:36 AM - connected; connect time: 00:00:00

4/1/2010 8:41:37 AM - mounting 001343

4/1/2010 8:42:23 AM - Error bptm(pid=3972) FREEZING media id 001343,
Encryption unavailable for an ENCR pool   

4/1/2010 8:42:24 AM - Warning bptm(pid=3972) media id 001343 load
operation reported an error 

4/1/2010 8:42:24 AM - current media 001343 complete, requesting next
resource Any

4/1/2010 8:42:54 AM - end writing

termination requested by administrator(150)

 

Netbackup 6.5.4

 

Library 1 Media Server

 

Dell ML6000 series

2 LTO4 drives and 4 LTO3 drives (Downed for testing encryption with LTO4
tapes)

 

manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0004

 

Library 2 Master\Media

Dell ML6000 series

6 LTO4 drives

 

manage_drive_attributes: report_attr, fl1 0x00030849, fl2 0x

 

 

___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread judy_hinchcliffe

I have not had that problem.

My thought is what media type is 001343  - it has to be hcart (so nb
knows it is a lto4)

As you have both types in your library I would check that the media
type/barcode say it is a lto4 as well has physically check that it is an
lto4.

 

I have a master/media, a media, and 2 SAN Media all encrypting just
fine.

 

 

 

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams,
Dwayne
Sent: Thursday, April 01, 2010 11:16 AM
To: VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

Hello,

 

Has anyone run into this issue with KMS?  I have setup KMS on my Master
Server and can encrypt data to the pools from my Master.  I get the
following error and the tape is frozen when I try to run an encrypted
job from my Media Server.  The bptm log says the tape is a LTO3 tape but
the tape is definitely a LTO4 tape.  I have read the Technote on this
but that is all I have found. 

 

http://seer.entsupport.symantec.com/docs/321244.htm

 

 

Thanks

 

Dwayne Adams

 

Encryption unavailable for an ENCR pool

 

4/1/2010 8:41:25 AM - started process bpbrm (1216)

4/1/2010 8:41:36 AM - connecting

4/1/2010 8:41:36 AM - connected; connect time: 00:00:00

4/1/2010 8:41:37 AM - mounting 001343

4/1/2010 8:42:23 AM - Error bptm(pid=3972) FREEZING media id 001343,
Encryption unavailable for an ENCR pool   

4/1/2010 8:42:24 AM - Warning bptm(pid=3972) media id 001343 load
operation reported an error 

4/1/2010 8:42:24 AM - current media 001343 complete, requesting next
resource Any

4/1/2010 8:42:54 AM - end writing

termination requested by administrator(150)

 

Netbackup 6.5.4

 

Library 1 Media Server

 

Dell ML6000 series

2 LTO4 drives and 4 LTO3 drives (Downed for testing encryption with LTO4
tapes)

 

manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0004

 

Library 2 Master\Media

Dell ML6000 series

6 LTO4 drives

 

manage_drive_attributes: report_attr, fl1 0x00030849, fl2 0x

 

 

___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread Adams, Dwayne

Judy,

 

I have a call in to Symantec now.  My environment already has LTO3 and
LTO4 media set to HCART3 (not my doing).  I am going to change the tapes
to HCART as part of this project.  I wonder if the fl1 0x00010049 is
reported by the drive or Netbackup is providing that information to the
drive?  I called Dell and they were not much help. Once I said the KMS,
I got the we only support our solution line.  I am getting my ducks
in a row so I can call Dell back if it is not a NBU config issue.  My
libraries are both setup for application managed encryption.  Wish me
luck.  :-)

 

Thanks

 

Dwayne Adams

 



From: judy_hinchcli...@administaff.com
[mailto:judy_hinchcli...@administaff.com] 
Sent: Thursday, April 01, 2010 9:22 AM
To: Adams, Dwayne; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

I have not had that problem.

My thought is what media type is 001343  - it has to be hcart (so nb
knows it is a lto4)

As you have both types in your library I would check that the media
type/barcode say it is a lto4 as well has physically check that it is an
lto4.

 

I have a master/media, a media, and 2 SAN Media all encrypting just
fine.

 

 

 

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams,
Dwayne
Sent: Thursday, April 01, 2010 11:16 AM
To: VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

Hello,

 

Has anyone run into this issue with KMS?  I have setup KMS on my Master
Server and can encrypt data to the pools from my Master.  I get the
following error and the tape is frozen when I try to run an encrypted
job from my Media Server.  The bptm log says the tape is a LTO3 tape but
the tape is definitely a LTO4 tape.  I have read the Technote on this
but that is all I have found. 

 

http://seer.entsupport.symantec.com/docs/321244.htm

 

 

Thanks

 

Dwayne Adams

 

Encryption unavailable for an ENCR pool

 

4/1/2010 8:41:25 AM - started process bpbrm (1216)

4/1/2010 8:41:36 AM - connecting

4/1/2010 8:41:36 AM - connected; connect time: 00:00:00

4/1/2010 8:41:37 AM - mounting 001343

4/1/2010 8:42:23 AM - Error bptm(pid=3972) FREEZING media id 001343,
Encryption unavailable for an ENCR pool   

4/1/2010 8:42:24 AM - Warning bptm(pid=3972) media id 001343 load
operation reported an error 

4/1/2010 8:42:24 AM - current media 001343 complete, requesting next
resource Any

4/1/2010 8:42:54 AM - end writing

termination requested by administrator(150)

 

Netbackup 6.5.4

 

Library 1 Media Server

 

Dell ML6000 series

2 LTO4 drives and 4 LTO3 drives (Downed for testing encryption with LTO4
tapes)

 

manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0004

 

Library 2 Master\Media

Dell ML6000 series

6 LTO4 drives

 

manage_drive_attributes: report_attr, fl1 0x00030849, fl2 0x

 

 

___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread Adams, Dwayne

A side note.  Not sure if this make a difference.  There is a firewall
between my master\media and media server.  All the standard ports have
been configured and all backups and restores work fine today.

 

Dwayne

 



From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams,
Dwayne
Sent: Thursday, April 01, 2010 9:33 AM
To: judy_hinchcli...@administaff.com; VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

Judy,

 

I have a call in to Symantec now.  My environment already has LTO3 and
LTO4 media set to HCART3 (not my doing).  I am going to change the tapes
to HCART as part of this project.  I wonder if the fl1 0x00010049 is
reported by the drive or Netbackup is providing that information to the
drive?  I called Dell and they were not much help. Once I said the KMS,
I got the we only support our solution line.  I am getting my ducks
in a row so I can call Dell back if it is not a NBU config issue.  My
libraries are both setup for application managed encryption.  Wish me
luck.  :-)

 

Thanks

 

Dwayne Adams

 



From: judy_hinchcli...@administaff.com
[mailto:judy_hinchcli...@administaff.com] 
Sent: Thursday, April 01, 2010 9:22 AM
To: Adams, Dwayne; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

I have not had that problem.

My thought is what media type is 001343  - it has to be hcart (so nb
knows it is a lto4)

As you have both types in your library I would check that the media
type/barcode say it is a lto4 as well has physically check that it is an
lto4.

 

I have a master/media, a media, and 2 SAN Media all encrypting just
fine.

 

 

 

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams,
Dwayne
Sent: Thursday, April 01, 2010 11:16 AM
To: VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

Hello,

 

Has anyone run into this issue with KMS?  I have setup KMS on my Master
Server and can encrypt data to the pools from my Master.  I get the
following error and the tape is frozen when I try to run an encrypted
job from my Media Server.  The bptm log says the tape is a LTO3 tape but
the tape is definitely a LTO4 tape.  I have read the Technote on this
but that is all I have found. 

 

http://seer.entsupport.symantec.com/docs/321244.htm

 

 

Thanks

 

Dwayne Adams

 

Encryption unavailable for an ENCR pool

 

4/1/2010 8:41:25 AM - started process bpbrm (1216)

4/1/2010 8:41:36 AM - connecting

4/1/2010 8:41:36 AM - connected; connect time: 00:00:00

4/1/2010 8:41:37 AM - mounting 001343

4/1/2010 8:42:23 AM - Error bptm(pid=3972) FREEZING media id 001343,
Encryption unavailable for an ENCR pool   

4/1/2010 8:42:24 AM - Warning bptm(pid=3972) media id 001343 load
operation reported an error 

4/1/2010 8:42:24 AM - current media 001343 complete, requesting next
resource Any

4/1/2010 8:42:54 AM - end writing

termination requested by administrator(150)

 

Netbackup 6.5.4

 

Library 1 Media Server

 

Dell ML6000 series

2 LTO4 drives and 4 LTO3 drives (Downed for testing encryption with LTO4
tapes)

 

manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0004

 

Library 2 Master\Media

Dell ML6000 series

6 LTO4 drives

 

manage_drive_attributes: report_attr, fl1 0x00030849, fl2 0x

 

 

___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread judy_hinchcliffe

I seem to remember reading in the book the type HAD to be HCART=lto4
(not sure if I read that somewhere or it just stuck in my head)

 

Try deleting one of your tapes, and get it added back in as an HCART -
your lto4 tape drives should already be HCART ( if not you will have to
change them as well)

Then give it a try - I really think that is the problem.

 

From: Adams, Dwayne [mailto:adam...@medsch.ucsf.edu] 
Sent: Thursday, April 01, 2010 11:33 AM
To: Judy Hinchcliffe; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

Judy,

 

I have a call in to Symantec now.  My environment already has LTO3 and
LTO4 media set to HCART3 (not my doing).  I am going to change the tapes
to HCART as part of this project.  I wonder if the fl1 0x00010049 is
reported by the drive or Netbackup is providing that information to the
drive?  I called Dell and they were not much help. Once I said the KMS,
I got the we only support our solution line.  I am getting my ducks
in a row so I can call Dell back if it is not a NBU config issue.  My
libraries are both setup for application managed encryption.  Wish me
luck.  J

 

Thanks

 

Dwayne Adams

 



From: judy_hinchcli...@administaff.com
[mailto:judy_hinchcli...@administaff.com] 
Sent: Thursday, April 01, 2010 9:22 AM
To: Adams, Dwayne; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

I have not had that problem.

My thought is what media type is 001343  - it has to be hcart (so nb
knows it is a lto4)

As you have both types in your library I would check that the media
type/barcode say it is a lto4 as well has physically check that it is an
lto4.

 

I have a master/media, a media, and 2 SAN Media all encrypting just
fine.

 

 

 

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams,
Dwayne
Sent: Thursday, April 01, 2010 11:16 AM
To: VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

Hello,

 

Has anyone run into this issue with KMS?  I have setup KMS on my Master
Server and can encrypt data to the pools from my Master.  I get the
following error and the tape is frozen when I try to run an encrypted
job from my Media Server.  The bptm log says the tape is a LTO3 tape but
the tape is definitely a LTO4 tape.  I have read the Technote on this
but that is all I have found. 

 

http://seer.entsupport.symantec.com/docs/321244.htm

 

 

Thanks

 

Dwayne Adams

 

Encryption unavailable for an ENCR pool

 

4/1/2010 8:41:25 AM - started process bpbrm (1216)

4/1/2010 8:41:36 AM - connecting

4/1/2010 8:41:36 AM - connected; connect time: 00:00:00

4/1/2010 8:41:37 AM - mounting 001343

4/1/2010 8:42:23 AM - Error bptm(pid=3972) FREEZING media id 001343,
Encryption unavailable for an ENCR pool   

4/1/2010 8:42:24 AM - Warning bptm(pid=3972) media id 001343 load
operation reported an error 

4/1/2010 8:42:24 AM - current media 001343 complete, requesting next
resource Any

4/1/2010 8:42:54 AM - end writing

termination requested by administrator(150)

 

Netbackup 6.5.4

 

Library 1 Media Server

 

Dell ML6000 series

2 LTO4 drives and 4 LTO3 drives (Downed for testing encryption with LTO4
tapes)

 

manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0004

 

Library 2 Master\Media

Dell ML6000 series

6 LTO4 drives

 

manage_drive_attributes: report_attr, fl1 0x00030849, fl2 0x

 

 

___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread Adams, Dwayne

Judy,

 

I will let you know what I find out.

 

Thanks

 

Dwayne Adams

 



From: judy_hinchcli...@administaff.com
[mailto:judy_hinchcli...@administaff.com] 
Sent: Thursday, April 01, 2010 9:55 AM
To: Adams, Dwayne; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

I seem to remember reading in the book the type HAD to be HCART=lto4
(not sure if I read that somewhere or it just stuck in my head)

 

Try deleting one of your tapes, and get it added back in as an HCART -
your lto4 tape drives should already be HCART ( if not you will have to
change them as well)

Then give it a try - I really think that is the problem.

 

From: Adams, Dwayne [mailto:adam...@medsch.ucsf.edu] 
Sent: Thursday, April 01, 2010 11:33 AM
To: Judy Hinchcliffe; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

Judy,

 

I have a call in to Symantec now.  My environment already has LTO3 and
LTO4 media set to HCART3 (not my doing).  I am going to change the tapes
to HCART as part of this project.  I wonder if the fl1 0x00010049 is
reported by the drive or Netbackup is providing that information to the
drive?  I called Dell and they were not much help. Once I said the KMS,
I got the we only support our solution line.  I am getting my ducks
in a row so I can call Dell back if it is not a NBU config issue.  My
libraries are both setup for application managed encryption.  Wish me
luck.  :-)

 

Thanks

 

Dwayne Adams

 



From: judy_hinchcli...@administaff.com
[mailto:judy_hinchcli...@administaff.com] 
Sent: Thursday, April 01, 2010 9:22 AM
To: Adams, Dwayne; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

I have not had that problem.

My thought is what media type is 001343  - it has to be hcart (so nb
knows it is a lto4)

As you have both types in your library I would check that the media
type/barcode say it is a lto4 as well has physically check that it is an
lto4.

 

I have a master/media, a media, and 2 SAN Media all encrypting just
fine.

 

 

 

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams,
Dwayne
Sent: Thursday, April 01, 2010 11:16 AM
To: VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

Hello,

 

Has anyone run into this issue with KMS?  I have setup KMS on my Master
Server and can encrypt data to the pools from my Master.  I get the
following error and the tape is frozen when I try to run an encrypted
job from my Media Server.  The bptm log says the tape is a LTO3 tape but
the tape is definitely a LTO4 tape.  I have read the Technote on this
but that is all I have found. 

 

http://seer.entsupport.symantec.com/docs/321244.htm

 

 

Thanks

 

Dwayne Adams

 

Encryption unavailable for an ENCR pool

 

4/1/2010 8:41:25 AM - started process bpbrm (1216)

4/1/2010 8:41:36 AM - connecting

4/1/2010 8:41:36 AM - connected; connect time: 00:00:00

4/1/2010 8:41:37 AM - mounting 001343

4/1/2010 8:42:23 AM - Error bptm(pid=3972) FREEZING media id 001343,
Encryption unavailable for an ENCR pool   

4/1/2010 8:42:24 AM - Warning bptm(pid=3972) media id 001343 load
operation reported an error 

4/1/2010 8:42:24 AM - current media 001343 complete, requesting next
resource Any

4/1/2010 8:42:54 AM - end writing

termination requested by administrator(150)

 

Netbackup 6.5.4

 

Library 1 Media Server

 

Dell ML6000 series

2 LTO4 drives and 4 LTO3 drives (Downed for testing encryption with LTO4
tapes)

 

manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0004

 

Library 2 Master\Media

Dell ML6000 series

6 LTO4 drives

 

manage_drive_attributes: report_attr, fl1 0x00030849, fl2 0x

 

 

___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread Chapman, Scott

I can confirm that this is not the case.

 

I think your problem is that both of your media types (LTO3 and LTO4)
are set to HCART3... you need to have that separated out, and you need
to have your drives configured the same.  If your LTO3 media is HCART3
and your LTO4 media are HCART, then you need your LTO3 drives to be
HCART3 and your LTO4 drives to be HCART.

 

Is your 001343 media an LTO4 cartridge?  And was it mounted into an LTO4
drive when you tried to write the encrypted backup?

 

Scott Chapman

Senior Technical Specialist

Storage and Database Administration

ICBC - Victoria

Ph:  250.414.7650  Cell:  250.213.9295

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of
judy_hinchcli...@administaff.com
Sent: Thursday, April 01, 2010 9:55 AM
To: adam...@medsch.ucsf.edu; VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

I seem to remember reading in the book the type HAD to be HCART=lto4
(not sure if I read that somewhere or it just stuck in my head)

 

Try deleting one of your tapes, and get it added back in as an HCART -
your lto4 tape drives should already be HCART ( if not you will have to
change them as well)

Then give it a try - I really think that is the problem.

 

From: Adams, Dwayne [mailto:adam...@medsch.ucsf.edu] 
Sent: Thursday, April 01, 2010 11:33 AM
To: Judy Hinchcliffe; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

Judy,

 

I have a call in to Symantec now.  My environment already has LTO3 and
LTO4 media set to HCART3 (not my doing).  I am going to change the tapes
to HCART as part of this project.  I wonder if the fl1 0x00010049 is
reported by the drive or Netbackup is providing that information to the
drive?  I called Dell and they were not much help. Once I said the KMS,
I got the we only support our solution line.  I am getting my ducks
in a row so I can call Dell back if it is not a NBU config issue.  My
libraries are both setup for application managed encryption.  Wish me
luck.  J

 

Thanks

 

Dwayne Adams

 



From: judy_hinchcli...@administaff.com
[mailto:judy_hinchcli...@administaff.com] 
Sent: Thursday, April 01, 2010 9:22 AM
To: Adams, Dwayne; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

I have not had that problem.

My thought is what media type is 001343  - it has to be hcart (so nb
knows it is a lto4)

As you have both types in your library I would check that the media
type/barcode say it is a lto4 as well has physically check that it is an
lto4.

 

I have a master/media, a media, and 2 SAN Media all encrypting just
fine.

 

 

 

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams,
Dwayne
Sent: Thursday, April 01, 2010 11:16 AM
To: VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

Hello,

 

Has anyone run into this issue with KMS?  I have setup KMS on my Master
Server and can encrypt data to the pools from my Master.  I get the
following error and the tape is frozen when I try to run an encrypted
job from my Media Server.  The bptm log says the tape is a LTO3 tape but
the tape is definitely a LTO4 tape.  I have read the Technote on this
but that is all I have found. 

 

http://seer.entsupport.symantec.com/docs/321244.htm

 

 

Thanks

 

Dwayne Adams

 

Encryption unavailable for an ENCR pool

 

4/1/2010 8:41:25 AM - started process bpbrm (1216)

4/1/2010 8:41:36 AM - connecting

4/1/2010 8:41:36 AM - connected; connect time: 00:00:00

4/1/2010 8:41:37 AM - mounting 001343

4/1/2010 8:42:23 AM - Error bptm(pid=3972) FREEZING media id 001343,
Encryption unavailable for an ENCR pool   

4/1/2010 8:42:24 AM - Warning bptm(pid=3972) media id 001343 load
operation reported an error 

4/1/2010 8:42:24 AM - current media 001343 complete, requesting next
resource Any

4/1/2010 8:42:54 AM - end writing

termination requested by administrator(150)

 

Netbackup 6.5.4

 

Library 1 Media Server

 

Dell ML6000 series

2 LTO4 drives and 4 LTO3 drives (Downed for testing encryption with LTO4
tapes)

 

manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0004

 

Library 2 Master\Media

Dell ML6000 series

6 LTO4 drives

 

manage_drive_attributes: report_attr, fl1 0x00030849, fl2 0x

 

 




This email and any attachments are intended only for the named
recipient and may contain confidential and/or privileged material.
Any unauthorized copying, dissemination or other use by a person
other than the named recipient of this communication is prohibited.
 If you received this in error or are not named as a recipient,
please notify the sender and destroy all copies of this email
immediately.
___
Veritas-bu maillist  -  Veritas-bu@mailman.eng.auburn.edu
http

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread Adams, Dwayne

Scott,

 

1343 is a LTO4 tape.  I just made the change and tested.  I set one of
my LTO4 drives to HCART, created a new HCART Storage Unit, changed the
policy to use that storage unit, deleted the tapes and ran an inventory
as HCART to the Scratch Pool.  Same outcome.

 

4/1/2010 10:11:01 AM - estimated 0 kbytes needed

4/1/2010 10:11:05 AM - started process bpbrm (3608)

4/1/2010 10:11:17 AM - connecting

4/1/2010 10:11:18 AM - connected; connect time: 00:00:01

4/1/2010 10:11:19 AM - mounting 001343

4/1/2010 10:11:54 AM - Error bptm(pid=4024) FREEZING media id 001343,
Encryption unavailable for an ENCR pool   

4/1/2010 10:11:55 AM - Warning bptm(pid=4024) media id 001343 load
operation reported an error 

4/1/2010 10:11:55 AM - current media 001343 complete, requesting next
resource Any

4/1/2010 10:12:32 AM - granted resource 001342

4/1/2010 10:12:32 AM - granted resource IBM.ULTRIUM-TD4.001

4/1/2010 10:12:32 AM - granted resource som012-hcart-robot-tld-1

4/1/2010 10:12:34 AM - mounting 001342

4/1/2010 10:13:17 AM - Error bptm(pid=4024) FREEZING media id 001342,
Encryption unavailable for an ENCR pool   

4/1/2010 10:13:18 AM - Warning bptm(pid=4024) media id 001342 load
operation reported an error 

4/1/2010 10:13:18 AM - current media 001342 complete, requesting next
resource Any

4/1/2010 10:13:58 AM - end writing

unable to allocate new media for backup, storage unit has none
available(96)

termination requested by administrator(150)

 

Dwayne

 



From: Chapman, Scott [mailto:scott.chap...@icbc.com] 
Sent: Thursday, April 01, 2010 10:06 AM
To: judy_hinchcli...@administaff.com; Adams, Dwayne;
VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

I can confirm that this is not the case.

 

I think your problem is that both of your media types (LTO3 and LTO4)
are set to HCART3... you need to have that separated out, and you need
to have your drives configured the same.  If your LTO3 media is HCART3
and your LTO4 media are HCART, then you need your LTO3 drives to be
HCART3 and your LTO4 drives to be HCART.

 

Is your 001343 media an LTO4 cartridge?  And was it mounted into an LTO4
drive when you tried to write the encrypted backup?

 

Scott Chapman

Senior Technical Specialist

Storage and Database Administration

ICBC - Victoria

Ph:  250.414.7650  Cell:  250.213.9295

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of
judy_hinchcli...@administaff.com
Sent: Thursday, April 01, 2010 9:55 AM
To: adam...@medsch.ucsf.edu; VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

I seem to remember reading in the book the type HAD to be HCART=lto4
(not sure if I read that somewhere or it just stuck in my head)

 

Try deleting one of your tapes, and get it added back in as an HCART -
your lto4 tape drives should already be HCART ( if not you will have to
change them as well)

Then give it a try - I really think that is the problem.

 

From: Adams, Dwayne [mailto:adam...@medsch.ucsf.edu] 
Sent: Thursday, April 01, 2010 11:33 AM
To: Judy Hinchcliffe; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

Judy,

 

I have a call in to Symantec now.  My environment already has LTO3 and
LTO4 media set to HCART3 (not my doing).  I am going to change the tapes
to HCART as part of this project.  I wonder if the fl1 0x00010049 is
reported by the drive or Netbackup is providing that information to the
drive?  I called Dell and they were not much help. Once I said the KMS,
I got the we only support our solution line.  I am getting my ducks
in a row so I can call Dell back if it is not a NBU config issue.  My
libraries are both setup for application managed encryption.  Wish me
luck.  :-)

 

Thanks

 

Dwayne Adams

 



From: judy_hinchcli...@administaff.com
[mailto:judy_hinchcli...@administaff.com] 
Sent: Thursday, April 01, 2010 9:22 AM
To: Adams, Dwayne; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

 

I have not had that problem.

My thought is what media type is 001343  - it has to be hcart (so nb
knows it is a lto4)

As you have both types in your library I would check that the media
type/barcode say it is a lto4 as well has physically check that it is an
lto4.

 

I have a master/media, a media, and 2 SAN Media all encrypting just
fine.

 

 

 

From: veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams,
Dwayne
Sent: Thursday, April 01, 2010 11:16 AM
To: VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

 

Hello,

 

Has anyone run into this issue with KMS?  I have setup KMS on my Master
Server and can encrypt data to the pools from my Master.  I get the
following error and the tape is frozen when I try to run an encrypted
job from my Media Server.  The bptm log says the tape

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread Len Boyle

Dwayne,

Can you show the errors in the bptm log with verbose set to 5?
Also do you have any system errors showing scsi errors for the problem?

len

From: veritas-bu-boun...@mailman.eng.auburn.edu 
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams, Dwayne
Sent: Thursday, April 01, 2010 1:25 PM
To: Chapman, Scott; judy_hinchcli...@administaff.com; 
VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

Scott,

1343 is a LTO4 tape.  I just made the change and tested.  I set one of my LTO4 
drives to HCART, created a new HCART Storage Unit, changed the policy to use 
that storage unit, deleted the tapes and ran an inventory as HCART to the 
Scratch Pool.  Same outcome.

4/1/2010 10:11:01 AM - estimated 0 kbytes needed
4/1/2010 10:11:05 AM - started process bpbrm (3608)
4/1/2010 10:11:17 AM - connecting
4/1/2010 10:11:18 AM - connected; connect time: 00:00:01
4/1/2010 10:11:19 AM - mounting 001343
4/1/2010 10:11:54 AM - Error bptm(pid=4024) FREEZING media id 001343, 
Encryption unavailable for an ENCR pool
4/1/2010 10:11:55 AM - Warning bptm(pid=4024) media id 001343 load operation 
reported an error
4/1/2010 10:11:55 AM - current media 001343 complete, requesting next resource 
Any
4/1/2010 10:12:32 AM - granted resource 001342
4/1/2010 10:12:32 AM - granted resource IBM.ULTRIUM-TD4.001
4/1/2010 10:12:32 AM - granted resource som012-hcart-robot-tld-1
4/1/2010 10:12:34 AM - mounting 001342
4/1/2010 10:13:17 AM - Error bptm(pid=4024) FREEZING media id 001342, 
Encryption unavailable for an ENCR pool
4/1/2010 10:13:18 AM - Warning bptm(pid=4024) media id 001342 load operation 
reported an error
4/1/2010 10:13:18 AM - current media 001342 complete, requesting next resource 
Any
4/1/2010 10:13:58 AM - end writing
unable to allocate new media for backup, storage unit has none available(96)
termination requested by administrator(150)

Dwayne


From: Chapman, Scott [mailto:scott.chap...@icbc.com]
Sent: Thursday, April 01, 2010 10:06 AM
To: judy_hinchcli...@administaff.com; Adams, Dwayne; 
VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

I can confirm that this is not the case.

I think your problem is that both of your media types (LTO3 and LTO4) are set 
to HCART3... you need to have that separated out, and you need to have your 
drives configured the same.  If your LTO3 media is HCART3 and your LTO4 media 
are HCART, then you need your LTO3 drives to be HCART3 and your LTO4 drives to 
be HCART.

Is your 001343 media an LTO4 cartridge?  And was it mounted into an LTO4 drive 
when you tried to write the encrypted backup?

Scott Chapman
Senior Technical Specialist
Storage and Database Administration
ICBC - Victoria
Ph:  250.414.7650  Cell:  250.213.9295
From: veritas-bu-boun...@mailman.eng.auburn.edu 
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of 
judy_hinchcli...@administaff.com
Sent: Thursday, April 01, 2010 9:55 AM
To: adam...@medsch.ucsf.edu; VERITAS-BU@mailman.eng.auburn.edu
Subject: Re: [Veritas-bu] KMS encryption

I seem to remember reading in the book the type HAD to be HCART=lto4 (not sure 
if I read that somewhere or it just stuck in my head)

Try deleting one of your tapes, and get it added back in as an HCART - your 
lto4 tape drives should already be HCART ( if not you will have to change them 
as well)
Then give it a try - I really think that is the problem.

From: Adams, Dwayne [mailto:adam...@medsch.ucsf.edu]
Sent: Thursday, April 01, 2010 11:33 AM
To: Judy Hinchcliffe; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

Judy,

I have a call in to Symantec now.  My environment already has LTO3 and LTO4 
media set to HCART3 (not my doing).  I am going to change the tapes to HCART as 
part of this project.  I wonder if the fl1 0x00010049 is reported by the drive 
or Netbackup is providing that information to the drive?  I called Dell and 
they were not much help. Once I said the KMS, I got the we only support our 
solution line.  I am getting my ducks in a row so I can call Dell back if it 
is not a NBU config issue.  My libraries are both setup for application managed 
encryption.  Wish me luck.  :)

Thanks

Dwayne Adams


From: judy_hinchcli...@administaff.com [mailto:judy_hinchcli...@administaff.com]
Sent: Thursday, April 01, 2010 9:22 AM
To: Adams, Dwayne; VERITAS-BU@mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] KMS encryption

I have not had that problem.
My thought is what media type is 001343  - it has to be hcart (so nb knows it 
is a lto4)
As you have both types in your library I would check that the media 
type/barcode say it is a lto4 as well has physically check that it is an lto4.

I have a master/media, a media, and 2 SAN Media all encrypting just fine.



From: veritas-bu-boun...@mailman.eng.auburn.edu 
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams, Dwayne
Sent: Thursday, April 01, 2010 11

Re: [Veritas-bu] KMS encryption

2010-04-01 Thread Sedeora, Surjit S Mr CTR USA USA





Dwayne,
 This happens when RObot Device host is not the true EMM
server. you can determine the true EMM server by executing nbemmcmd
-listhosts (the top host will be the true EMM server).
Thank you
Surjit Sedeora
Sr. Systems Engineer
NGIT

Adams, Dwayne wrote:

  
  

  
  
  Scott,
  
  1343 is a
LTO4 tape. I just made the
change and tested. I set one of my LTO4 drives to HCART, created a new
HCART Storage Unit, changed the policy to use that storage unit,
deleted the
tapes and ran an inventory as HCART to the Scratch Pool. Same outcome.
  
  4/1/2010
10:11:01 AM - estimated 0 kbytes
needed
  4/1/2010
10:11:05 AM - started process
bpbrm (3608)
  4/1/2010
10:11:17 AM - connecting
  4/1/2010
10:11:18 AM - connected; connect
time: 00:00:01
  4/1/2010
10:11:19 AM - mounting 001343
  4/1/2010
10:11:54 AM - Error
bptm(pid=4024) FREEZING media id 001343, Encryption unavailable for an
ENCR
pool 
  4/1/2010
10:11:55 AM - Warning
bptm(pid=4024) media id 001343 load operation reported an
error 
  4/1/2010
10:11:55 AM - current media
001343 complete, requesting next resource Any
  4/1/2010
10:12:32 AM - granted resource
001342
  4/1/2010
10:12:32 AM - granted resource
IBM.ULTRIUM-TD4.001
  4/1/2010
10:12:32 AM - granted resource
som012-hcart-robot-tld-1
  4/1/2010
10:12:34 AM - mounting 001342
  4/1/2010
10:13:17 AM - Error
bptm(pid=4024) FREEZING media id 001342, Encryption unavailable for an
ENCR
pool 
  4/1/2010
10:13:18 AM - Warning
bptm(pid=4024) media id 001342 load operation reported an
error 
  4/1/2010
10:13:18 AM - current media
001342 complete, requesting next resource Any
  4/1/2010
10:13:58 AM - end writing
  unable to
allocate new media for backup,
storage unit has none available(96)
  termination
requested by
administrator(150)
  
  Dwayne
  
  
  
  
  From: Chapman, Scott
[mailto:scott.chap...@icbc.com] 
  Sent: Thursday, April
01, 2010
10:06 AM
  To:
judy_hinchcli...@administaff.com; Adams, Dwayne;
VERITAS-BU@mailman.eng.auburn.edu
  Subject: RE:
[Veritas-bu] KMS
encryption
  
  
  I
can confirm that
this is not the case.
  
  I
think your problem
is that both of your media types (LTO3 and LTO4) are set to HCART3 you
need to have that separated out, and you need to have your drives
configured
the same. If your LTO3 media is HCART3 and your LTO4 media are HCART,
then you need your LTO3 drives to be HCART3 and your LTO4 drives to be
HCART.
  
  Is
your 001343 media
an LTO4 cartridge? And was it mounted into an
LTO4 drive when you tried to write the encrypted backup?
  
  
  Scott
Chapman
  Senior
Technical
Specialist
  Storage
and Database
Administration
  ICBC
- Victoria
  
  Ph:
250.414.7650 Cell: 250.213.9295
  
  
  From:
veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of judy_hinchcli...@administaff.com
  Sent: Thursday, April
01, 2010
9:55 AM
  To:
adam...@medsch.ucsf.edu;
VERITAS-BU@mailman.eng.auburn.edu
  Subject: Re:
[Veritas-bu] KMS
encryption
  
  
  
  I seem to
remember reading in the book the
type HAD to be HCART=lto4 (not sure if I read that somewhere or it just
stuck
in my head)
  
  Try deleting one
of your tapes, and get it
added back in as an HCART  your lto4 tape drives should already be
HCART
( if not you will have to change them as well)
  Then give it a
try  I really think
that is the problem.
  
  
  
  From: Adams, Dwayne
[mailto:adam...@medsch.ucsf.edu] 
  Sent: Thursday, April
01, 2010
11:33 AM
  To: Judy Hinchcliffe;
VERITAS-BU@mailman.eng.auburn.edu
  Subject: RE:
[Veritas-bu] KMS
encryption
  
  
  
  Judy,
  
  I have a
call in to Symantec now. My
environment already has LTO3 and LTO4 media set to HCART3 (not my
doing).
I am going to change the tapes to HCART as part of this project. I
wonder if the fl1 0x00010049 is reported by the drive or Netbackup is
providing
that information to the drive? I called Dell and they were not much
help.
Once I said the KMS, I got the we only support our solution
line. I am getting my ducks in a row so I can call
Dell back if it is not a NBU config issue. My libraries are both setup
for application
managed encryption. Wish me luck. J
  
  Thanks
  
  Dwayne Adams
  
  
  
  
  From:
judy_hinchcli...@administaff.com
[mailto:judy_hinchcli...@administaff.com] 
  Sent: Thursday, April
01, 2010
9:22 AM
  To: Adams, Dwayne;
VERITAS-BU@mailman.eng.auburn.edu
  Subject: RE:
[Veritas-bu] KMS
encryption
  
  
  I have not had
that problem.
  My thought is
what media type is
001343 - it has to be hcart (so nb knows it is a lto4)
  As you have both
types in your library I
would check that the media type/barcode say it is a lto4 as well has
physically
check that it is an lto4.
  
  I have a
master/media, a media, and 2 SAN
Media all encrypting just fine.
  
  
  
  
  
  From:
veritas-bu-boun...@mailman.eng.auburn.edu
[mailto:veritas-bu-boun...@mailman.eng.auburn.edu] On Behalf Of Adams, Dwayne
  Sent: Thursday, April
01, 2010
11:16 AM
  To:
VERITAS-BU@mailman.eng.auburn.edu
  Subject: Re

[Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

Re: [Veritas-bu] KMS encryption

17 matches

Site Navigation

Mail list logo

Footer information