Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Cohesity Solution Guide for Sheltered Harbor
  3. Cohesity Sheltered Harbor solution workflow
  4. About key management services (KMS)
Cohesity Solution Guide for Sheltered Harbor

About key management services (KMS)

The NetBackup Sheltered Harbor solution encrypts and decrypts the data encryption key with the help of cloud KMS (CKMS) or on-premises KMS (KMIP based).

To start configuration with the NetBackup Sheltered Harbor solution, it is required to configure cloud KMS or on-premises KMS. You need to create KMS key pair for encryption, decryption, signing and sign verification.

Note:

NetBackup KMS cannot be used for configuring the Sheltered Harbor solution.

The NetBackup Sheltered Harbor solution supports the following KMS:

  • CKMS: Supports the Azure key vault

  • EKMS: Supports Thales cipherTrust manager and utimaco ESKM

To know more about CKMS and EKMS, refer to EKMS document.

Feedback

Was this page helpful?
Previous

Perform data vaulting using non-interactive mode

Next

About configuration recovery in NetBackup solution for Sheltered Harbor

Feedback

Was this page helpful?