Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Deduplication Guide
  5. Configuring deduplication
  7. About MSDP FIPS compliance
NetBackup™ Deduplication Guide

About MSDP FIPS compliance

The Federal Information Processing Standards (FIPS) define U.S. and Canadian Government security and interoperability requirements for computer systems. The FIPS 140-2 standard specifies the security requirements for cryptographic modules. It describes the approved security functions for symmetric and asymmetric key encryption, message authentication, and hashing.

For more information about the FIPS 140-2 standard and its validation program, see the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program website at https://csrc.nist.gov/projects/cryptographic-module-validation-program.

The NetBackup MSDP is now FIPS validated and can be operated in FIPS mode.

Note:

You must run FIPS mode on a new installation of NetBackup 8.1.1. You can only enable OCSD FIPS on NetBackup 10.0 and newer versions.

Enabling MSDP FIPS mode

Ensure that you configure the storage server before you enable the MSDP FIPS mode.

Caution:

Enabling MSDP FIPS mode might affect the NetBackup performance on a server with the Solaris operating system.

Enable the FIPS mode for MSDP by running the following commands:

  • For UNIX:

    /usr/openv/pdde/pdag/scripts/set_fips_mode.sh 1

    For Windows:

    <install_path>\Veritas\pdde\set_fips_mode.bat 1

  • Restart the NetBackup service on the server and the client.

    • For UNIX:

      • /usr/openv/netbackup/bin/bp.kill_all

      • /usr/openv/netbackup/bin/bp.start_all

    • For Windows:

      • <install_path>\NetBackup\bin\bpdown

      • <install_path>\NetBackup\bin\bpup

Enable the FIPS mode for MSDP or OpenCloudStorageDaemon (OCSD) by performing the following:

  • Use existing tool to enable or disable OCSD FIPS. Using this method changes the entire MSDP FIPS configuration.

    • For Windows:

      <install_path>\Veritas\pdde\set_fips_mode.bat 1

    • For UNIX:

      /usr/openv/pdde/pdag/scripts/set_fips_mode.sh 1

  • In NetBackup, OCSD FIPS is disabled by default. Enable or disable OCSD FIPS by changing the OpenCloudStorageDaemon/FIPS:

    /etc/pdregistry.cfg

Restart the NetBackup services on the server and the client for these changes to take effect:

  • For Windows:

    • <install_path>\NetBackup\bin\bpdown

    • <install_path>\NetBackup\bin\bpup

  • For UNIX:

    • /usr/openv/netbackup/bin/bp.kill_all

    • /usr/openv/netbackup/bin/bp.start_all

Warning:

For security reasons, the recommendation is that you do not disable the MSDP FIPS mode once it has been enabled.

Getting the status of MSDP FIPS mode

To get status of the MSDP FIPS mode, enter the following commands:

For UNIX:

/usr/openv/pdde/pdcr/bin/crcontrol --getmode

For Windows:

<install_path>\Veritas\pdde\crcontrol.exe --getmode

Other things to note:

  • FIPS must be enabled on all the NetBackup components to establish a connection. When the FIPS mode is not enabled, communication can occur between the NetBackup clients and the servers that have earlier, supported NetBackup versions.

Feedback

Was this page helpful?
Previous

Updating an MSDP catalog backup policy

Next

Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP

Feedback

Was this page helpful?