You can replace an existing Key Management Server (KMS) used for encryption in a CommCell environment.
Before You Begin
To ensure recovery in case of a disaster recovery restore, you may need to revert to a previous state that used the old KMS. In such cases, you will need the encryption keys from the old KMS. It is recommended to back up the old KMS in coordination with your KMS provider before proceeding.
Procedure
-
Configure the new KMS in the Commvault environment.
For instructions, see Adding a Key Management Server.
-
Update the KMS settings for all storage in your CommCell environment, replacing the old KMS with the new one.
For instructions, see Configuring Software Encryption on Disk Storage.
-
Update account password protection settings to use the new KMS if applicable.
For instructions, see Modifying the Key Management Server That Stores Passwords for a CommCell Environment.
-
Delete the old KMS after verifying that the new KMS is functioning correctly.
For instructions, see Deleting a Key Management Server.