Veritas NetBackup™ Deduplication Guide
- Introducing the NetBackup media server deduplication option
- Planning your deployment
- About MSDP storage and connectivity requirements
- About NetBackup media server deduplication
- About NetBackup Client Direct deduplication
- About MSDP remote office client deduplication
- About MSDP performance
- MSDP deployment best practices
- Provisioning the storage
- Licensing deduplication
- Configuring deduplication
- Configuring the Deduplication Multi-Threaded Agent behavior
- Configuring the MSDP fingerprint cache behavior
- Configuring MSDP fingerprint cache seeding on the storage server
- About MSDP Encryption using KMS service
- Configuring a storage server for a Media Server Deduplication Pool
- Configuring a disk pool for deduplication
- Configuring a Media Server Deduplication Pool storage unit
- About MSDP optimized duplication within the same domain
- Configuring MSDP optimized duplication within the same NetBackup domain
- Configuring MSDP replication to a different NetBackup domain
- About NetBackup Auto Image Replication
- Configuring a target for MSDP replication to a remote domain
- Creating a storage lifecycle policy
- Resilient Network properties
- Editing the MSDP pd.conf file
- About protecting the MSDP catalog
- Configuring an MSDP catalog backup
- Configuring deduplication to the cloud with NetBackup Cloud Catalyst
- Using NetBackup Cloud Catalyst to upload deduplicated data to the cloud
- Configuring a Cloud Catalyst storage server for deduplication to the cloud
- Monitoring deduplication activity
- Viewing MSDP job details
- Managing deduplication
- Managing MSDP servers
- Managing NetBackup Deduplication Engine credentials
- Managing Media Server Deduplication Pools
- Changing a Media Server Deduplication Pool properties
- Configuring MSDP data integrity checking behavior
- About MSDP storage rebasing
- Managing MSDP servers
- Recovering MSDP
- Replacing MSDP hosts
- Uninstalling MSDP
- Deduplication architecture
- Troubleshooting
- About unified logging
- About legacy logging
- Troubleshooting MSDP installation issues
- Troubleshooting MSDP configuration issues
- Troubleshooting MSDP operational issues
- Troubleshooting Cloud Catalyst issues
- Cloud Catalyst logs
- Problems encountered while using the Cloud Storage Server Configuration Wizard
- Disk pool problems
- Problems during cloud storage server configuration
- Cloud Catalyst troubleshooting tools
- Appendix A. Migrating to MSDP storage
About the rolling data conversion mechanism for MSDP
To ensure that data is encrypted and secured with the highest standards, NetBackup uses the AES encryption algorithm and SHA-2 fingerprinting algorithm beginning with the 8.1 release. Specifically, MSDP uses AES-256 and SHA-512/256.
In NetBackup 8.1, with the introduction of the AES and the SHA-2 algorithms, we want to convert the data that is encrypted and computed with the older algorithms (Blowfish and MD5-like) to the newer algorithms (AES-256 and SHA-512/256).
The environments that are upgraded to NetBackup 8.1 may include Blowfish encrypted data and the MD5-like fingerprints that need to be converted to the new format. To handle the conversion and secure the data, a new internal task converts the current data container to the AES-256 encryption and the SHA-512/256 fingerprint algorithm. This new task is referred to as the rolling data conversion. The conversion begins automatically after an upgrade to NetBackup 8.0. You can control some aspects of the conversion process or stop it entirely.
Rolling data conversion traverses all existing data containers. If the data is encrypted with the Blowfish algorithm, the data is re-encrypted with the AES-256 algorithm. Then a new SHA-512/256 fingerprint is generated. After the conversion, the data container has an additional .map
file, in addition to the .bhd
and .bin
files. The .map
file contains the mapping between the SHA-512/256 and the MD5-like fingerprints. It is used for the compatibility between SHA-512/256 fingerprints and MD5-like fingerprints. The .bhd
file includes the SHA-512/256 fingerprints.
When you upgrade to NetBackup 8.1.1, there might be encrypted data that is not encrypted using a customer key. The encrypted data must be encrypted by a customer key and to handle the data conversion and secure the data, a new internal task encrypts the existing data using a customer key. After the encryption and the fingerprint rolling conversion completes, the KMS rolling conversion begins.