Skip to main content

 Hello community,

 

I have some questions about KMIP integration at customer side

 

The customer wants to encrypt the primary copy and the secondary copy

 

it is a KMIP cluster but the spof here is on the VPN.

  1. what happens if the KMIP servers are not able to reach the commserve
  2. the customer wants to block the ability to restore from our MSP site (critical content), how to perform that, RBAC ?
  3. What is the best practice to backup to KMIP Servers ?

have any of you already implemented this kind of solution?

 

Thanks !

 

 

Hello @Amin91 

 

Q- What happens if the KMIP servers are not able to reach the commserv

A- When you have Commvault setup to use the KIMP server for Encryption and decryption then backups and restores will all fail if the tunnel between that server is broken. 

 

Q- The customer wants to block the ability to restore from our MSP site (critical content), how to perform that, RBAC?

A- You are correct that RBAC is the answer: 

https://documentation.commvault.com/2023e/expert/roles_overview.html

 

Q- What is the best practice to backup to KMIP Servers ?

A- I am not 100% sure if it is treated like any other client or if it has specific requirements. 

 

Kind regards

Albert Williams


Reply