Data Domain: Default Authentication Mode for DD Boost Clients Does Not Provide Over-The-Wire Encryption
Zusammenfassung: After upgrading DDOS, receive the error "Default authentication mode for DD Boost clients does not provide over-the-wire encryption."
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Symptome
Applicable versions:
DDOS 7.10.1.10, DDOS 7.7.5.20, or DDOS 7.12, or a later version
The following Security alert is observed in the autosupport file:
DDOS 7.10.1.10, DDOS 7.7.5.20, or DDOS 7.12, or a later version
The following Security alert is observed in the autosupport file:
Current Alerts -------------- Id Post Time Severity Class Object Message ------ ------------------------ -------- ----------------- ----------------- ------------------------------------------------------------------------------------------------------------- m0-53 Wed May 10 00:06:41 2023 ALERT Security EVT-DDBOOST-00001: Default authentication mode for DDBoost clients does not provide over-the-wire encryption. ------ ------------------------ -------- ----------------- ----------------- -------------------------------------------------------------------------------------------------------------
Ursache
If DD Boost encryption strength is set to none in the previous DDOS release, and DDOS is upgraded to 7.10.1.10, 7.7.5.20, or 7.12, or a later version, then a security alert is raised to remind the user to enable encryption.
Command to check current encryption strength:
ddboost option show global-encryption-strength
Lösung
Steps using CLI:
- Clear the alert manually:
alerts clear alert-id <alert-id-list>
- Set the global-encryption-strength to medium or high:
Syntax:
ddboost option set global-authentication-mode none global-encryption-strength {medium | high} - Reset global authentication mode and global encryption strength to none:
ddboost option set global-authentication-mode none global-encryption-strength none
Steps using UI:
- Log in to the Data Domain System Manager (UI).
- Go to Protocols.
- Go to DD Boost.
- Click More Tasks in the upper right corner.
- Select Set Option.
- Under Security, select encryption strength to medium or high.
- Click OK.
- Go to Health.
- Go to Alert.
- Select the alert and click Clear.
To reset Global Authentication Mode back to 'none':
- Go to Protocols.
- Go to DD Boost.
- Click Configure before Global Authentication Mode.
- Select none and click OK. This resets the global authentication mode and global encryption strength to none.
Note: Keeping the current global-encryption setting may trigger a reminder alert "Default authentication mode for DD Boost clients does not provide over-the-wire encryption," but DD Boost operation successfully continues. Setting global-encryption to medium or high may result in a drop in Boost I/O performance. If over-the-wire encryption is required, change global-encryption to medium or high.
Note: If using Avamar Integrated Data Protection Appliance with Session Security Settings enabled, it is safe to disregard this alert. Avamar is already encrypting the data and there is no necessity to use DD Boost encryption. Use the below command to disregard the alert from the Data Domain.
alert clear alert-id
How to Reset Global Encryption Strength & Clear Errors in Dell Data Domain
Duration: 00:03:32 (hh:mm:ss)
When available, closed caption (subtitles) language settings can be chosen using the CC icon on this video player.
Weitere Informationen
See related article: Data Domain - DD Boost global authentication and encryption
Betroffene Produkte
Data DomainProdukte
Data Domain Encryption, DD OSArtikeleigenschaften
Artikelnummer: 000215316
Artikeltyp: Solution
Zuletzt geändert: 12 Feb. 2025
Version: 8
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.