Configure the global data-in-transit encryption setting
To configure the data-in-transit encryption (DTE) in your NetBackup environment, you need to first set the global DTE configuration setting (or global DTE mode) and then the client DTE mode.
Data-in-transit encryption decision for various NetBackup operations is carried out based on the global DTE mode, the client DTE mode, and the image DTE mode.
The supported values for the global DTE mode are as follows:
Preferred Off: Specifies that the data-in-transit encryption is disabled in the NetBackup domain. This setting can be overridden by the NetBackup client setting.
Preferred On: Specifies that the data-in-transit encryption is enabled only for NetBackup 9.1 and later clients.
In case of fresh NetBackup installation, the global DTE mode is set to Preferred On by default.
In case of NetBackup upgrade, the previous setting is retained.
This setting can be overridden by the NetBackup client setting.
Enforced: Specifies that the data-in-transit encryption is enforced if the NetBackup client setting is either 'Automatic' or 'On'. With this option selected, jobs fail for the NetBackup clients that have the data-in-transit encryption set to 'Off' and for the hosts earlier than 9.1.
Note:
By default, the DTE mode for 9.1 clients is set to Off and for 10.0 and later clients, it is set to Automatic.
RESTful API to be used for the global DTE configuration:
GET - /security/properties
POST - /security/properties
To set or view the global DTE mode using the NetBackup web UI
- Sign in to the NetBackup web UI.
- At the top right, select Security > Global security.
- On the Secure communication tab, select one of the following global DTE settings:
Preferred Off
Preferred On
Enforced
To set and view the global DTE mode using the command-line interface
- Run the following command to set the global DTE mode:
nbseccmd -setsecurityconfig -dteglobalmode 0|1|2
Where the value 0 represents Preferred Off, 1 represents Preferred On, and 2 represents Enforced.
- Run the following command to view the value that is set for the global DTE mode:
nbseccmd -getsecurityconfig -dteglobalmode