Data Domain: Default Authentication Mode for DD Boost Clients Does Not Provide Over-The-Wire Encryption
Resumen: After upgrading DDOS, receive the error "Default authentication mode for DD Boost clients does not provide over-the-wire encryption."
Este artículo se aplica a:
Este artículo no se aplica a:
Este artículo no está vinculado a ningún producto específico.
En este artículo no se identifican todas las versiones de los productos.
Síntomas
Applicable versions:
DDOS 7.10.1.10, DDOS 7.7.5.20, or DDOS 7.12, or a later version
The following Security alert is observed in the autosupport file:
DDOS 7.10.1.10, DDOS 7.7.5.20, or DDOS 7.12, or a later version
The following Security alert is observed in the autosupport file:
Current Alerts -------------- Id Post Time Severity Class Object Message ------ ------------------------ -------- ----------------- ----------------- ------------------------------------------------------------------------------------------------------------- m0-53 Wed May 10 00:06:41 2023 ALERT Security EVT-DDBOOST-00001: Default authentication mode for DDBoost clients does not provide over-the-wire encryption. ------ ------------------------ -------- ----------------- ----------------- -------------------------------------------------------------------------------------------------------------
Causa
If DD Boost encryption strength is set to none in the previous DDOS release, and DDOS is upgraded to 7.10.1.10, 7.7.5.20, or 7.12, or a later version, then a security alert is raised to remind the user to enable encryption.
Command to check current encryption strength:
ddboost option show global-encryption-strength
Resolución
Steps using CLI:
- Clear the alert manually:
alerts clear alert-id <alert-id-list>
- Set the global-encryption-strength to medium or high:
Syntax:
ddboost option set global-authentication-mode none global-encryption-strength {medium | high} - Reset global authentication mode and global encryption strength to none:
ddboost option set global-authentication-mode none global-encryption-strength none
Steps using UI:
- Log in to the Data Domain System Manager (UI).
- Go to Protocols.
- Go to DD Boost.
- Click More Tasks in the upper right corner.
- Select Set Option.
- Under Security, select encryption strength to medium or high.
- Click OK.
- Go to Health.
- Go to Alert.
- Select the alert and click Clear.
To reset Global Authentication Mode back to 'none':
- Go to Protocols.
- Go to DD Boost.
- Click Configure before Global Authentication Mode.
- Select none and click OK. This resets the global authentication mode and global encryption strength to none.
Note: Keeping the current global-encryption setting may trigger a reminder alert "Default authentication mode for DD Boost clients does not provide over-the-wire encryption," but DD Boost operation successfully continues. Setting global-encryption to medium or high may result in a drop in Boost I/O performance. If over-the-wire encryption is required, change global-encryption to medium or high.
Note: If using Avamar Integrated Data Protection Appliance with Session Security Settings enabled, it is safe to disregard this alert. Avamar is already encrypting the data and there is no necessity to use DD Boost encryption. Use the below command to disregard the alert from the Data Domain.
alert clear alert-id
How to Reset Global Encryption Strength & Clear Errors in Dell Data Domain
Duration: 00:03:32 (hh:mm:ss)
When available, closed caption (subtitles) language settings can be chosen using the CC icon on this video player.
Información adicional
See related article: Data Domain - DD Boost global authentication and encryption
Productos afectados
Data DomainProductos
Data Domain Encryption, DD OSPropiedades del artículo
Número de artículo: 000215316
Tipo de artículo: Solution
Última modificación: 12 feb 2025
Versión: 8
Encuentra las respuestas que necesitas con la ayuda de otros usuarios de Dell
Servicios de asistencia
Comprueba si tu dispositivo está cubierto por los servicios de asistencia.