NetWorker-How to Enable In-Flight Encryption Between NetWorker and Data Domain

Summary: This article provides step-by-step instructions to enable in-flight encryption for securing data in transit between NetWorker and Data Domain systems. By default, this feature is not enabled in NetWorker. ...

Αυτό το άρθρο ισχύει για Αυτό το άρθρο δεν ισχύει για Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν. Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Δείτε άλλους πόρους

Instructions

Enabling in-flight encryption ensures enhanced security during data transfer but may increase backup times and resource usage. Follow the outlined procedures to configure in-flight encryption using both NetWorker Management Console (NMC) and nsradmin, and configuring DD Boost in-flight encryption on the Data Domain systems.

Enabling In-Flight Encryption on NetWorker using one of the following options:

(Option 1) Using NetWorker Management Console:

  1. Connect to the NetWorker server from NMC.
  2. In the NetWorker Administration window, select Hosts.
  3. Right-click the Hostname of the NetWorker server.
  4. Select Configure Local Agent. The Local Agent Properties window appears.
  5. Go to the Advanced tab and select Connection encrypted.
  6. Click OK.

(Option 2) Using nsradmin:

  1. Log in as root or Windows Administrator on the NetWorker client.
  2. At the command prompt, type:
nsradmin -p nsrexec
  1. Edit the NSRLA resource by typing: 
print type:NSRLA
  1. Change the value of the Connection Encrypted Attribute
update connection encrypted:enabled
  1. Type Yes when prompted to confirm the change.
  2. Ensure that the peer certificate for the NetWorker client matches the storage node if the auth method attribute is not set.

Enabling DD Boost In-Flight Encryption on Data Domain:

  1. Configure the Data Domain system to use medium-strength or high-strength TLS encryption. This configuration is transparent to NetWorker.
  2. Ensure that certificate-based encryption support is enabled:
  • The certificate is read from the server by each client and used for connecting to Data Domain.
  • The certificates are stored locally in the /nsr/sec/ddcerts/<dd_host/ss_host> directory for every connection to the Data Domain.
  1. Specify certificates using the following attributes in the NetWorker Data Domain and Smart scale resource:
  • Root CA Certificate File
  • Root CA Certificate

Additional Information

  • Ensure that in-flight encryption is enabled on both NetWorker and Data Domain devices for optimal security.
  • Do not use in-flight encryption and AES encryption together, as it is redundant and may increase backup duration.
  • In-flight encryption is not supported for client direct backup and recovery operations from a NetWorker client host over a network to a remote host's Advance File Type Device (AFTD). Use AES encryption for these operations instead.
  • See the Dell NetWorker and Data Domain Boost Integration Guide for more details.

Επηρεαζόμενα προϊόντα

Data Domain, NetWorker

Προϊόντα

NetWorker Family
Ιδιότητες άρθρου
Article Number: 000225429
Article Type: How To
Τελευταία τροποποίηση: 22 Ιαν 2026
Version:  3
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.