Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section II. Encryption of data-in-transit
  7. Configuring data-in-transit encryption (DTE)
  9. Data-in-transit encryption support
NetBackup™ Security and Encryption Guide

Data-in-transit encryption support

Data-in-transit encryption is supported for the following NetBackup data and metadata operations:

  • Data flow from a client to a media server

  • Data flow from a media server to a client

  • Metadata transfer from a media server to the primary server

  • Data flow from one media server to another during duplication and synthetic backup

Data-in-transit encryption is not supported for the following NetBackup operations or communications:

  • Communication between an OST plug-in and the underlying storage provider is not supported. It includes the following:

    • Communication between NetBackup and cloud storage

    • Communication between NetBackup and the third-party OST providers such as DataDomain, NetApp, and so on

  • Data-in-transit encryption is not supported for the following MSDP workflows:

    • Optimized Duplication

    • AIR replication

    For these two operations, you need to explicitly configure the following option on both storage servers:

    OPTDUP_ENCRYPTION=1

    The DTE configuration in NetBackup does not control the data channel between two storage servers.

  • Communication between NetBackup and workload applications such as VMware, Hyper-V, Microsoft Exchange, SharePoint, and Nutanix are not supported.

    Once the data is transferred from a workload application to NetBackup, it is then securely transferred over the TLS channel within the NetBackup boundary.

  • NDMP communication

  • SAN client communication

  • Communication with the NBFSD process

    The process uses the standard NFS or CIFS protocol.

Feedback

Was this page helpful?
Previous

About the data channel

Next

Workflow to configure data-in-transit encryption

Feedback

Was this page helpful?