Veritas Solution Guide for Sheltered Harbor
Archive recovery in Cyber Resilient Domain (CRD) and restoration in restoration environment
Here, the archived volumes are recovered in the CRD domain, and data restoration is carried out in the Recovery domain using the restore command option. The Sheltered Harbor solution on the NetBackup client decrypts and restores the data.
The following diagram depicts the process to recover the data in the CRD domain and restore it in the Recovery domain using the Veritas NetBackup for Sheltered Harbor solution.
The process flow is as follows:
- Archive retrieval: From the NetBackup client, manually restore the backup data in the CRD domain using the NetBackup Backup Archive Restore UI (BAR GUI) or the NetBackup Web UI. While recovering, you need to use the backup keyword to recover the data.
- Recovery storage: Contains the recovered encrypted data files along with the secure envelope. You can use any portable medium (such as a pen drive or hard disk) to store the restored data.
Note:
Make sure that you specify the correct recovery storage path while recovering the backup data files. Use the NetBackup Backup Archive Restore UI or the NetBackup Web UI to recover the data.
- Data transfer: Use any portable medium (such as a pen drive or hard disk) to transfer the encrypted data files to the Recovery domain, where the Sheltered Harbor solution decrypts them.
- External or cloud provider KMS: The Sheltered Harbor solution decrypts the data encryption key (DEK) with the help of a configured KMS. The DEK is then used to decrypt the recovery storage data. This ensures that the encryption/decryption keys do not leave the KMS boundaries. If a cloud KMS is not configured, you can use an on-premises KMS.
- Restored data storage: Once the recovered data is available in the Restoration environment, the Sheltered Harbor solution is run to perform the data restoration, which decrypts the archived volumes, extracts the data files, and stores them in the restored data storage.
The data restoration using the Sheltered Harbor solution can be done on a completely isolated NetBackup client that has no connectivity with a primary server. Such an isolated NetBackup client can be installed by skipping host certificate deployment during NetBackup client installation. The data restoration requires connectivity with the KMS where the envelope decryption key is stored.
Note:
Ensure that you specify the correct restoration storage path while performing the data restoration operation.
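The following added example (not Veritas code and not the product's on-disk format) models the envelope pattern described in the KMS step and in the isolated-client paragraph: the portable medium carries only a KMS-wrapped DEK plus the encrypted volume, so restoration fails without KMS connectivity or if the envelope is altered in transit. `MockKMS`, `archive`, `restore` and the SHA-256 based toy cipher are assumptions made for illustration.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream (stdlib only); a real tool would use an AEAD cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def _subkeys(key):
    # Derive separate encryption and MAC keys from one secret.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return _xor_stream(enc, nonce, ct)

class MockKMS:
    """Hypothetical stand-in for the configured KMS; the KEK never leaves this object."""
    def __init__(self):
        self.__kek = os.urandom(32)
        self.reachable = True
    def wrap(self, dek):
        return seal(self.__kek, dek)
    def unwrap(self, envelope):
        if not self.reachable:
            raise ConnectionError("KMS unreachable: cannot decrypt envelope")
        return unseal(self.__kek, envelope)

def archive(kms, data):
    # Archive side: a fresh DEK encrypts the data; only the wrapped DEK goes on the medium.
    dek = os.urandom(32)
    return {"envelope": kms.wrap(dek), "volume": seal(dek, data)}

def restore(kms, medium):
    # Restoration side: the KMS unwraps the DEK, then the volume is decrypted locally.
    dek = kms.unwrap(medium["envelope"])
    return unseal(dek, medium["volume"])
```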