When a user creates an
encryption key, Backup Exec marks that key with an identifier based
on the logged-on user's security identifier. The person who creates
the key becomes the owner of the key.
Backup Exec stores the
keys in the Backup Exec database. However, Backup Exec does not
store the pass phrases for the keys. The owner of each key is
responsible for remembering the pass phrase for the key.
To protect your keys, Symantec recommends the
Maintain a written log of the pass phrases. Keep
the log in a safe place in a separate physical location from the
encrypted backup sets.
Back up the Backup Exec database. The database
keeps a record of the keys.
you do not have a backup of the Backup Exec database and do not
remember your pass phrases, you cannot restore data from the
encrypted media. In addition, Symantec cannot restore encrypted
data in this situation.
A key that is created on
a media server is specific to that media server. You cannot move
keys between media servers. However, you can create new keys on a
different media server by using existing pass phrases. A pass
phrase always generates the same key. In addition, if you delete a
key accidentally, you can recreate it by using the pass phrase.
If a Backup Exec database
becomes corrupted on a media server and is replaced by a new
database, you must manually recreate all of the encryption keys
that were stored on the original database.
If you move a database from one media server to
another media server, the encryption keys remain intact as long as
the new media server meets the following criteria:
Has the same user accounts as the original media
Is in the same domain as the original media