Managing a Key Management Server

Note

• You are recommended to take a backup of the keys that the key management servers generate. Do not use Commvault software to back up the keys.
• The Commvault software rotates the keys in a time frequency of maximum 90 days.
• You can change the Key Management Server (KMS) for a storage pool without impacting existing data, provided the change is successful.
• The old key is not required to restore previously encrypted data.
• Data does not need to be recopied or re-encrypted when switching to a new key.
• After key rotation, older data remains accessible because the Key Encryption Key (KEK) is automatically protected with the new key.