NetWorker: How to Enable In-Flight Encryption Between NetWorker and Data Domain
Resumo: This article provides step-by-step instructions to enable in-flight encryption for securing data in transit between NetWorker and Data Domain systems. By default, this feature is not enabled in NetWorker. Enabling in-flight encryption ensures enhanced security during data transfer but may increase backup times and resource usage. Follow the outlined procedures to configure in-flight encryption using both NMC and nsradmin, and setting up DD Boost in-flight encryption on Data Domain systems. ...
Este artigo aplica-se a
Este artigo não se aplica a
Este artigo não está vinculado a nenhum produto específico.
Nem todas as versões do produto estão identificadas neste artigo.
Instruções
Enabling In-Flight Encryption on NetWorker using one of the following options:
2. Configure the Data Domain system to use medium-strength or high-strength TLS encryption. This configuration is transparent to NetWorker.
3. For NetWorker 19.7 and later, ensure that certificate-based encryption support is enabled:
(Option 1) Using NetWorker Management Console (NMC):
1. Connect to the NetWorker server using NMC.
2. In the NetWorker Administration window, select Hosts.
3. Right-click the hostname of the NetWorker server.
4. Select Configure Local Agent. The Local Agent Properties window appears.
5. Go to the Advanced tab and select Connection encrypted.
6. Click OK.
2. In the NetWorker Administration window, select Hosts.
3. Right-click the hostname of the NetWorker server.
4. Select Configure Local Agent. The Local Agent Properties window appears.
5. Go to the Advanced tab and select Connection encrypted.
6. Click OK.
(Option 2) Using nsradmin:
1. Log in as root or Windows Administrator on the NetWorker client.
2. At the command prompt, type:
2. At the command prompt, type:
nsradmin -p nsrexec
3. Edit the NSRLA resource by typing:
print type:NSRLA
4. Change the value of the connection encrypted attribute:
update connection encrypted:enabled
5. Type Yes when prompted to confirm the change.
6. Ensure that the peer certificate for the NetWorker client matches the storage node if the auth method attribute is not set.
6. Ensure that the peer certificate for the NetWorker client matches the storage node if the auth method attribute is not set.
Enabling DD Boost In-Flight Encryption on Data Domain:
1. Ensure that the Data Domain system is running DDOS 5.5 or later.2. Configure the Data Domain system to use medium-strength or high-strength TLS encryption. This configuration is transparent to NetWorker.
3. For NetWorker 19.7 and later, ensure that certificate-based encryption support is enabled:
- The certificate is read from the server by each client and used for connecting to Data Domain.
- The certificates are stored locally in the `/nsr/sec/ddcerts/<dd_host/ss_host>` directory for every connection to Data Domain.
- Root CA Certificate File
- Root CA Certificate
Mais informações
- Ensure that in-flight encryption is enabled on both NetWorker and Data Domain devices for optimal security.
- Do not use in-flight encryption and AES encryption together, as it is redundant and could significantly increase backup duration.
- In-flight encryption is not supported for client direct backup and recovery operations from a NetWorker client host over a network to a remote host's Advance File Type Device (AFTD). Use AES encryption for these operations instead.
- See the Dell NetWorker and Data Domain Boost Integration Guide for more details: https://www.dell.com/support/home/product-support/product/networker/docs
Produtos afetados
Data Domain Boost – File SystemPropriedades do artigo
Número do artigo: 000225429
Tipo de artigo: How To
Último modificado: 30 mai. 2024
Versão: 1
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.