Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section II. Encryption of data-in-transit
  7. NetBackup CA and NetBackup certificates
  9. About global security settings
  11. About secure communication settings
NetBackup™ Security and Encryption Guide

About secure communication settings

NetBackup provides settings that you can configure for secure communication between hosts.

Table: Secure communication settings

Setting

Description

Certificate authority

Displays the certificate authorities that your NetBackup domain supports.

The NetBackup web server can be configured to enable the NetBackup domain to use:

  • NetBackup CA-signed certificates only

  • External CA-signed certificates only

  • NetBackup CA-signed certificates and external CA-signed certificates

Use the -configureWebServerCerts command for certificate configuration for the web server.

For more information, refer to the NetBackup Commands Reference Guide.

Enable insecure communication with NetBackup 8.0 and earlier hosts

NetBackup communicates insecurely with 8.0 and earlier hosts.

For increased security, upgrade all your hosts to the current version and disable this setting. This ensures that only secure communication is possible between NetBackup hosts.

By default, the option is selected, which allows NetBackup to communicate with hosts including 8.0 and earlier hosts that may be present in the existing NetBackup environment.

This option also allows communication between NetBackup 8.1 or later primary server.

See Disabling insecure communication.

See About insecure communication with 8.0 and earlier hosts.

If you have configured Auto Image Replication, ensure the following before you clear the option:

The trusted primary server that you have specified for image replication is of the version that is later than NetBackup 8.0.

For more information, refer to the NetBackup Administrator's Guide, Volume I.

Automatically map NetBackup host ID to host names

Hosts may have multiple host names or IP addresses associated with them. For successful communication between hosts, all relevant host names and IP addresses need to be mapped to the respective host IDs.

During communication, NetBackup may detect new host names or IP addresses with respect to a host ID.

Select this option to automatically map the host ID to host names or IP addresses that are detected by the system.

By default, the option is selected.

For increased security, clear this option so that the NetBackup Administrator can manually verify the mappings and approve them.

See Automatically mapping host ID to host names and IP addresses.

Security level for certificate deployment

Based on the security level that is configured on the NetBackup primary server, the certificate deployment approach is determined.

For example, if the security level is set to Very High, an authorization token is a must for certificate deployment.

Note:

Security levels for certificate deployment are specific to NetBackup CA-signed certificates. If the NetBackup web server is not configured to use NetBackup certificates for secure communication, this option cannot be accessed.

See About NetBackup certificate deployment security levels.

See Configuring the certificate deployment security levels.

Feedback

Was this page helpful?
Previous

About global security settings

Next

Disabling insecure communication

Feedback

Was this page helpful?