Would like to allow access to a 'backup' account that can read the encrypted files (not decrypt them) and archive that to tape.
Originally Published: 2008-05-23
Article Number
000061796
Applies To
RSA File Security Manager (FSM) 2.1.0.9
RSA File Security Manager (FSM)
RSA File Security Manager 2.1.1
Microsoft Windows 2003 Server
Veritas NetBackup
Issue
Would like to allow access to a "backup" account that can read the encrypted files (not decrypt them) and archive that to tape. 

Don't want a user that has rights to decrypt the data in that directory defined as the account that runs backups. We need an account that has read-only rights to the directory. In other words: a user that can see the encrypted data and run successful backups against that data, but that cannot decrypt or modify that data. As it stands right now, the directory structure that is encrypted by the FSM tool is only accessible to the one user defined in FSM and, therefore, the standard backup account (I think it just runs as Local System) fails to access the directory.


Resolution
Procedure (with Application)
- Create a role (e.g. "MaintProgs") and add it to the Host/Adapter in FSM Adapter Manager.
- Modify the policy for the MaintProgs role to Read Encrypt and Write Do-not Encrypt.
- Add the application "C:\Program Files\VERITAS\NetBackup\bin\bpbkar32.exe" to the role.
- Now add the MaintProgs role to the Secured Object "E:\UploadedDocuments".

This should allow the user to back up the data from "E:\UploadedDocuments".


Note: When the VSP driver (VERITAS NetBackup) is attached to the volume, the backup application bypasses the FSM filter driver and backs up the ciphertext.

In this scenario, the data is backed up from disk to tape in encrypted form, and when it is restored from tape it is not encrypted a second time in the secured folder on the adapter.
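The note above makes two claims a backup operator will want to confirm after setting up the restricted role: the bytes that reach tape are ciphertext rather than plaintext, and a restore puts the same bytes back without a second layer of encryption. The following script is an added verification example, not part of the RSA KB article or of the FSM or NetBackup products. It uses a Shannon-entropy heuristic to tell ciphertext from plaintext and SHA-256 comparisons to check that source, archived and restored copies are byte-identical. The sample contents (SAMPLE_PLAINTEXT, SAMPLE_CIPHERTEXT) are constructed stand-ins; in practice the three byte strings passed to verify_archive would be read from the secured folder, the backup image and the restored file.

```python
"""
Added verification example, not part of the RSA KB article: after a backup
taken through the restricted role, confirm that the archived copy is still
ciphertext and that a restore reproduces the on-disk bytes unchanged
(no plaintext leak, no second layer of encryption).
All sample contents below are constructed; in practice the three byte
strings would be read from the secured folder, the backup image and the
restored file respectively.
"""
import hashlib
import math
import random
from collections import Counter

# Constructed sample inputs (not real FSM or NetBackup data).
SAMPLE_PLAINTEXT = b"Quarterly revenue report\n" * 40
_rng = random.Random(7)  # fixed seed so the "ciphertext" stand-in is reproducible
SAMPLE_CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(4096))


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_ciphertext(data: bytes, threshold: float = 7.0, min_len: int = 256) -> bool:
    """Heuristic: encrypted data sits close to 8 bits/byte; text and most
    document formats sit well below. Samples shorter than min_len cannot
    reach the threshold reliably (entropy is capped at log2(len)), so they
    are reported as 'not ciphertext' rather than guessed at."""
    if len(data) < min_len:
        return False
    return shannon_entropy(data) >= threshold


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest used for byte-identity comparisons."""
    return hashlib.sha256(data).hexdigest()


def verify_archive(source: bytes, archived: bytes, restored: bytes) -> dict:
    """Three checks an operator wants after the KB's setup:
    1. the archived copy is ciphertext (the role did not expose plaintext),
    2. the archived copy is byte-identical to the on-disk ciphertext,
    3. the restored copy is byte-identical to the original (no double
       encryption on the way back into the secured folder)."""
    src_hash = sha256_hex(source)
    return {
        "archived_is_ciphertext": looks_like_ciphertext(archived),
        "archived_matches_source": sha256_hex(archived) == src_hash,
        "restored_matches_source": sha256_hex(restored) == src_hash,
    }


if __name__ == "__main__":
    # Expected case: backup and restore carry the ciphertext through unchanged.
    print(verify_archive(SAMPLE_CIPHERTEXT, SAMPLE_CIPHERTEXT, SAMPLE_CIPHERTEXT))
    # Failure case: the backup ran under a decrypting identity and plaintext reached tape.
    print(verify_archive(SAMPLE_CIPHERTEXT, SAMPLE_PLAINTEXT, SAMPLE_PLAINTEXT))
```

The entropy threshold is a heuristic, not proof of encryption: compressed archives also score high, and very short files cannot be classified this way at all, which is why short inputs are reported as "not ciphertext" and should be checked by hash comparison alone. For a real run, read each file in binary mode and feed the bytes to verify_archive; any False in the result means either the role is exposing decrypted data to the backup process or the restore path is re-encrypting.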