Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Deduplication Guide
  3. Appendix C. Encryption Crawler
  4. Updating the KMS configuration
  5. Performing the KMS key rotation
NetBackup™ Deduplication Guide

Performing the KMS key rotation

This process may run concurrently with the normal NetBackup operations such as backups and restores. However, best practice is to perform KMS key rotation during a maintenance window. KMS key rotation should complete quickly.

To perform the KMS key rotation

  1. Ensure that you have created a new KMS key on the KMS service you configured MSDP to use.
  2. Run the following command to start the KMS key rotation process in MSDP.

    /usr/openv/pdde/pdcr/bin/crcontrol --kmskeyrotation

  3. Use kek_tag_reporting tool to verify that a new KMS key is updated.

    /usr/openv/pdde/pdcr/bin/kek_tag_reporting.py -r

    /usr/openv/netbackup/bin/nbkmscmd -listKeys -name nbkms

Feedback

Was this page helpful?
Previous

Converting the legacy KMS to KEK-based KMS

Next

Performing the KEK rotation

Feedback

Was this page helpful?