Data-in-transit encryption support

Data-in-transit encryption is supported for the following NetBackup data and metadata operations:

Data flow from a client to a media server
Data flow from a media server to a client
Metadata transfer from a media server to the primary server
Data flow from one media server to another during duplication and synthetic backup

Data-in-transit encryption is not supported for the following NetBackup operations or communications:

Communication between an OST plug-in and the underlying storage provider is not supported. It includes the following:
- Communication between NetBackup and cloud storage
- Communication between NetBackup and the third-party OST providers such as DataDomain, NetApp, and so on
Data-in-transit encryption is not supported for the following MSDP workflows:
- Optimized Duplication
- AIR replication
For these two operations, you need to explicitly configure the following option on both storage servers:
OPTDUP_ENCRYPTION=1
The DTE configuration in NetBackup does not control the data channel between two storage servers.
Communication between NetBackup and workload applications such as VMware, Hyper-V, Microsoft Exchange, SharePoint, and Nutanix are not supported.
Once the data is transferred from a workload application to NetBackup, it is then securely transferred over the TLS channel within the NetBackup boundary.
NDMP communication
SAN client communication
Communication with the NBFSD process
The process uses the standard NFS or CIFS protocol.