
How NetWorker NMM SQL AES backups and restores work.

Summary: This article explains how NetWorker Module for Microsoft (NMM) uses AES encryption for backups and restores.


Instructions


To understand how AES works with NetWorker and NMM SQL backups, consider the following.

There are two parts to AES encryption: the server and the client.

Server: it always supports AES. Only one thing changes on the server that affects restores:

datazone pass phrase

Client: it also supports AES, and it needs two parts.

   1. Enable AES on the backup.

   That is accomplished with      nsrsqlsv -f aes

   When -f aes is omitted, the backup is not encrypted with AES, and the restore then works normally without any pass phrase.

   2. Supply the AES pass phrase on restore.

   That is accomplished with  nsrsqlrc -e passphrase

   IMPORTANT

   -e passphrase is needed ONLY WHEN
   the datazone pass phrase on the server has CHANGED from what was used for the backup.

   For example, when the backup was made with pass1
   and today the pass phrase changes to pass2,
   THEN the client MUST use -e pass1 or the restore will FAIL.

   However, if the pass phrase today is the SAME as the pass phrase used during
   the backup, the client is still able to restore the backup using -e pass1.

   The server controls the pass phrase, not the client.
   The client must know which pass phrase to use on the restore command if the original pass phrase has changed.


Example:

       Server pass phrase  ; backup         ; restore         ; outcome
  ;=====================================================================
  i)   monday              ; with -f aes    ; without -e      ; success, because the pass phrase is the same
  ii)  changed to tuesday  ; -------------  ; without -e      ; failed! Cannot restore because the pass phrase today is tuesday and the backup was taken with pass phrase monday
  iii) still tuesday       ; -------------  ; with -e monday  ; success, because the backup was taken with pass phrase monday and the restore used -e monday
  ;=====================================================================
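
The rule in the table above, as an added Python example (not Dell's code and not part of the original article): given a record of datazone pass phrase changes, it works out whether a restore needs -e and with which pass phrase. The history record, its dates and the function names are assumptions made for illustration.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample record of datazone pass phrase changes, oldest first:
# (time the pass phrase took effect on the server, pass phrase).
# Assumption: the administrator keeps such a record; in practice the
# values would be read from a secrets store, not kept in source code.
HISTORY = [
    (datetime(2021, 1, 4), "monday"),
    (datetime(2021, 1, 5), "tuesday"),
]


def passphrase_at(history, when):
    """Return the datazone pass phrase that was in effect at `when`."""
    times = [effective for effective, _ in history]
    idx = bisect_right(times, when)
    if idx == 0:
        raise ValueError("backup predates the recorded pass phrase history")
    return history[idx - 1][1]


def restore_flags(history, backup_time, encrypted=True):
    """Return the extra nsrsqlrc arguments this backup needs on restore.

    Only the -e option named in the article is produced; the other
    nsrsqlrc arguments are outside the scope of this example.
    """
    if not encrypted:  # backup ran without -f aes: no pass phrase involved
        return []
    used = passphrase_at(history, backup_time)
    current = history[-1][1]
    # Compare the phrases themselves, so a phrase that was changed and
    # later changed back counts as "same" again.
    return [] if used == current else ["-e", used]


if __name__ == "__main__":
    monday_night = datetime(2021, 1, 4, 22, 0)
    print(restore_flags(HISTORY[:1], monday_night))  # row i
    print(restore_flags(HISTORY, monday_night))      # rows ii and iii
```
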

NOTE
How AES protects the backups.

AES protects the backups if the datazone pass phrase changes.
= one needs the old pass phrase to restore.

AES protects the backups if a person tries to restore the backup from the same media
using a different NetWorker server which does not have the pass phrase.
= the new NetWorker server will not know the pass phrase from the original server.


The NetWorker client for file system backups works the same way:
if the backup was taken with AES and pass phrase = pass1,
and the server has changed it to pass2,
then the client recover command can use -p pass1
to recover a backup with the older pass phrase.


Affected Products

NetWorker Module for Microsoft
Article Properties
Article Number: 000180979
Article Type: How To
Last Modified: 08 Jul 2021
Version:  3