Performance characteristics of NAT support
Since NAT support can be used to backup and restore NetBackup clients across insecure networks like the internet, data channel encryption is enabled by default for communication with NAT clients and servers (or NAT hosts). This follows the 'secure by default' principle.
NetBackup does not currently offer data channel encryption for the hosts for which NAT support is disabled. Data channel encryption secures the data in-flight between the NAT host and the NetBackup server and does not encrypt the data at-rest. The data channel is secured using the secure communications infrastructure.
The current implementation of data channel encryption incurs significant performance overhead. You can disable data channel encryption for NAT hosts that do not communicate with NetBackup servers over an insecure network.
Set the ENABLE_DATA_CHANNEL_ENCRYPTION configuration option to FALSE on a NAT host to disable data channel encryption.
When data channel encryption is disabled, the backup and restore performance of NAT hosts is similar to the hosts for which NAT support is disabled.