Backup Exec 21.1 Best Practices
Best practices for Backup Exec database encryption keys
Best practices include tips and recommendations to help you use Backup Exec to manage the database encryption feature effectively. For more information about database encryption, see the Backup Exec Administrator's Guide.
The following best practices can help ensure the effective operation of database encryption:
Export the database encryption key immediately after you install Backup Exec to ensure that you have a copy of it in the event of a server failure.
To export the database encryption key, complete the following steps:
Click the Backup Exec button, select , and then click .
In the left pane, select .
In the field, type the location to which you want to export the encryption key.
Click .
The key is exported to the location that you specified. The key is named with a unique hash value. Backup Exec uses the name to identify the key later. Do not change the key's file name or file contents. If you want to export the key to additional locations, repeat the previous steps.
Click .
Make sure that you export the database encryption key to a location that meets the following criteria:
The destination is either on a physical volume that is assigned to a drive letter or a network share that is specified by a UNC path (network shares that are mapped to drive letters are not supported).
The destination has enough disk space.
The destination is accessible from the Backup Exec server.
Backup Exec has permission to write to the destination.
Save the database encryption key to a secure location. Veritas recommends that you save the key to an off-site location for increased security. It is your responsibility to ensure that the database encryption key is backed up.
Exercise caution when you configure access rights for the Data folder in the Backup Exec install directory. The Data folder contains the Backup Exec Database, SSL certificates, and database encryption keys as well as other critical data. The Data folder is protected from unauthorized access using Windows Access Control Lists (ACL). You should ensure that only trusted users can access the Data folder.
Refresh the database encryption keys periodically. Refreshing the database encryption keys helps to protect the server from any attacks that might try to decipher the keys.
For more information about refreshing the database encryption keys, refer to the Backup Exec Administrator's Guide.
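One way to check the recommendation above that only trusted users can access the Data folder, and to run the same check on a folder that holds an exported key. This is an added example, not Veritas code; the `-Path` and `-Trusted` parameters and the default trusted list are assumptions to adapt to your environment.

```powershell
# Added example (not Veritas code): list ACL entries on the Backup Exec Data
# folder, or on a key export folder, that grant access to unexpected principals.
param(
    # Folders to audit, e.g. the Data folder under your Backup Exec install directory.
    [Parameter(Mandatory)] [string[]] $Path,
    # Assumption: the principals you trust. Add your Backup Exec service account.
    # Built-in account names are localized on non-English Windows.
    [string[]] $Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

foreach ($folder in $Path) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Not a folder or not reachable: $folder"
        continue
    }
    $acl = Get-Acl -LiteralPath $folder

    # An owner can always rewrite the ACL, so the owner must be trusted too.
    if ($Trusted -notcontains $acl.Owner) {
        Write-Warning "$folder is owned by '$($acl.Owner)', which is not in the trusted list"
    }
    # With inheritance on, a change to a parent folder's ACL changes this folder.
    if (-not $acl.AreAccessRulesProtected) {
        Write-Warning "$folder inherits permissions from its parent"
    }

    # Report every Allow entry whose principal is outside the trusted list.
    $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $Trusted -notcontains $_.IdentityReference.Value } |
        Select-Object @{ n = 'Folder'; e = { $folder } },
                      @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
                      FileSystemRights, IsInherited
}
```

Save the block under a name of your choice and run it from an elevated PowerShell session on the Backup Exec server, passing the Data folder path to `-Path`. No output rows and no warnings means every Allow entry and the owner are in the trusted list.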