About secure communication settings — NetBackup 11.1 | Cohesity Documentation

Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist

About secure communication settings — NetBackup 11.1 | Cohesity Documentation

About secure communication settings

NetBackup provides settings that you can configure for secure communication between hosts.

Table: Secure communication settings

Setting	Description
Certificate Authority	Displays the certificate authorities that your NetBackup domain supports. The NetBackup web server can be configured to enable the NetBackup domain to use: NetBackup CA-signed certificates only External CA-signed certificates only NetBackup CA-signed certificates and external CA-signed certificates Use the -configureWebServerCerts command for certificate configuration for the web server. For more information, refer to the NetBackup Commands Reference Guide.
Enable communication with 8.0 and earlier hosts	NetBackup communicates insecurely with 8.0 and earlier hosts. For increased security, upgrade all your hosts to the current version and disable this setting. This ensures that only secure communication is possible between NetBackup hosts. The option allows NetBackup to communicate with hosts including 8.0 and earlier hosts that may be present in the existing NetBackup environment. This option also allows communication between NetBackup 8.1 or later primary server. See Disabling insecure communication. See About insecure communication with 8.0 and earlier hosts. If you have configured Auto Image Replication, ensure the following before you clear the option: The trusted primary server that you have specified for image replication is of the version that is later than NetBackup 8.0. For more information, refer to the NetBackup Administrator's Guide, Volume I.
Automatically map NetBackup host ID to host names	Hosts may have multiple host names or IP addresses associated with them. For successful communication between hosts, all relevant host names and IP addresses need to be mapped to the respective host IDs. During communication, NetBackup may detect new host names or IP addresses with respect to a host ID. Select this option to automatically map the host ID to host names or IP addresses that are detected by the system. By default, the option is selected. For increased security, clear this option so that the NetBackup Administrator can manually verify the mappings and approve them. See Automatically mapping host ID to host names and IP addresses.
Security level for certificate deployment	Based on the security level that is configured on the NetBackup primary server, the certificate deployment approach is determined. For example, if the security level is set to Very High, an authorization token is a must for certificate deployment. Note: Security levels for certificate deployment are specific to NetBackup CA-signed certificates. If the NetBackup web server is not configured to use NetBackup certificates for secure communication, this option cannot be accessed. See About NetBackup certificate deployment security levels. See Configuring the certificate deployment security levels.

Feedback

Was this page helpful?

Feedback

Was this page helpful?