Data Domain: Default Authentication Mode for DD Boost Clients Does Not Provide Over-The-Wire Encryption
Summary: After upgrading DDOS, receive the error "Default authentication mode for DD Boost clients does not provide over-the-wire encryption."
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Applicable versions:
DDOS 7.10.1.10, DDOS 7.7.5.20, or DDOS 7.12, or a later version
The following Security alert is observed in the autosupport file:
DDOS 7.10.1.10, DDOS 7.7.5.20, or DDOS 7.12, or a later version
The following Security alert is observed in the autosupport file:
Current Alerts -------------- Id Post Time Severity Class Object Message ------ ------------------------ -------- ----------------- ----------------- ------------------------------------------------------------------------------------------------------------- m0-53 Wed May 10 00:06:41 2023 ALERT Security EVT-DDBOOST-00001: Default authentication mode for DDBoost clients does not provide over-the-wire encryption. ------ ------------------------ -------- ----------------- ----------------- -------------------------------------------------------------------------------------------------------------
Cause
If DD Boost encryption strength is set to none in the previous DDOS release, and DDOS is upgraded to 7.10.1.10, 7.7.5.20, or 7.12, or a later version, then a security alert is raised to remind the user to enable encryption.
Command to check current encryption strength:
ddboost option show global-encryption-strength
Resolution
Steps using CLI:
- Clear the alert manually:
alerts clear alert-id <alert-id-list>
- Set the global-encryption-strength to medium or high:
Syntax:
ddboost option set global-authentication-mode none global-encryption-strength {medium | high} - Reset global authentication mode and global encryption strength to none:
ddboost option set global-authentication-mode none global-encryption-strength none
Steps using UI:
- Log in to the Data Domain System Manager (UI).
- Go to Protocols.
- Go to DD Boost.
- Click More Tasks in the upper right corner.
- Select Set Option.
- Under Security, select encryption strength to medium or high.
- Click OK.
- Go to Health.
- Go to Alert.
- Select the alert and click Clear.
To reset Global Authentication Mode back to 'none':
- Go to Protocols.
- Go to DD Boost.
- Click Configure before Global Authentication Mode.
- Select none and click OK. This resets the global authentication mode and global encryption strength to none.
Note: Keeping the current global-encryption setting may trigger a reminder alert "Default authentication mode for DD Boost clients does not provide over-the-wire encryption," but DD Boost operation successfully continues. Setting global-encryption to medium or high may result in a drop in Boost I/O performance. If over-the-wire encryption is required, change global-encryption to medium or high.
Note: If using Avamar Integrated Data Protection Appliance with Session Security Settings enabled, it is safe to disregard this alert. Avamar is already encrypting the data and there is no necessity to use DD Boost encryption. Use the below command to disregard the alert from the Data Domain.
alert clear alert-id
How to Reset Global Encryption Strength & Clear Errors in Dell Data Domain
Duration: 00:03:32 (hh:mm:ss)
When available, closed caption (subtitles) language settings can be chosen using the CC icon on this video player.
Additional Information
See related article: Data Domain - DD Boost global authentication and encryption
Affected Products
Data DomainProducts
Data Domain Encryption, DD OSArticle Properties
Article Number: 000215316
Article Type: Solution
Last Modified: 12 Feb 2025
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.