NetWorker-How to Enable In-Flight Encryption Between NetWorker and Data Domain

Samenvatting: This article provides step-by-step instructions to enable in-flight encryption for securing data in transit between NetWorker and Data Domain systems. By default, this feature is not enabled in NetWorker. ...

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Instructies

Enabling in-flight encryption ensures enhanced security during data transfer but may increase backup times and resource usage. Follow the outlined procedures to configure in-flight encryption using both NetWorker Management Console (NMC) and nsradmin, and configuring DD Boost in-flight encryption on the Data Domain systems.

Enabling In-Flight Encryption on NetWorker using one of the following options:

(Option 1) Using NetWorker Management Console:

  1. Connect to the NetWorker server from NMC.
  2. In the NetWorker Administration window, select Hosts.
  3. Right-click the Hostname of the NetWorker server.
  4. Select Configure Local Agent. The Local Agent Properties window appears.
  5. Go to the Advanced tab and select Connection encrypted.
  6. Click OK.

(Option 2) Using nsradmin:

  1. Log in as root or Windows Administrator on the NetWorker client.
  2. At the command prompt, type:
nsradmin -p nsrexec
  1. Edit the NSRLA resource by typing: 
print type:NSRLA
  1. Change the value of the Connection Encrypted Attribute
update connection encrypted:enabled
  1. Type Yes when prompted to confirm the change.
  2. Ensure that the peer certificate for the NetWorker client matches the storage node if the auth method attribute is not set.

Enabling DD Boost In-Flight Encryption on Data Domain:

  1. Configure the Data Domain system to use medium-strength or high-strength TLS encryption. This configuration is transparent to NetWorker.
  2. Ensure that certificate-based encryption support is enabled:
  • The certificate is read from the server by each client and used for connecting to Data Domain.
  • The certificates are stored locally in the /nsr/sec/ddcerts/<dd_host/ss_host> directory for every connection to the Data Domain.
  1. Specify certificates using the following attributes in the NetWorker Data Domain and Smart scale resource:
  • Root CA Certificate File
  • Root CA Certificate

Extra informatie

  • Ensure that in-flight encryption is enabled on both NetWorker and Data Domain devices for optimal security.
  • Do not use in-flight encryption and AES encryption together, as it is redundant and may increase backup duration.
  • In-flight encryption is not supported for client direct backup and recovery operations from a NetWorker client host over a network to a remote host's Advance File Type Device (AFTD). Use AES encryption for these operations instead.
  • See the Dell NetWorker and Data Domain Boost Integration Guide for more details.

Getroffen producten

Data Domain, NetWorker

Producten

NetWorker Family
Artikeleigenschappen
Artikelnummer: 000225429
Artikeltype: How To
Laatst aangepast: 22 jan. 2026
Versie:  3
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.