Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Deduplication Guide
  5. Configuring deduplication
  7. About MSDP FIPS compliance
Veritas NetBackup™ Deduplication Guide

About MSDP FIPS compliance

The Federal Information Processing Standards (FIPS) define U.S. and Canadian Government security and interoperability requirements for computer systems. The FIPS 140-2 standard specifies the security requirements for cryptographic modules. It describes the approved security functions for symmetric and asymmetric key encryption, message authentication, and hashing.

For more information about the FIPS 140-2 standard and its validation program, see the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program website at https://csrc.nist.gov/projects/cryptographic-module-validation-program.

The NetBackup MSDP is now FIPS validated and can be operated in FIPS mode.

Note:

You must run FIPS mode on a new installation of NetBackup 8.1.1.

Enabling MSDP FIPS mode

Ensure that you configure the storage server before you enable the MSDP FIPS mode.

Caution:

Enabling MSDP FIPS mode might affect the NetBackup performance on a server with the Solaris operating system.

Enable the FIPS mode for MSDP by running the following commands:

  • For UNIX:

    /usr/openv/pdde/pdag/scripts/set_fips_mode.sh 1

    For Windows:

    <install_path>\Veritas\pdde\set_fips_mode.bat 1

  • Restart the NetBackup service on the server and the client.

    • For UNIX:

      • /usr/openv/netbackup/bin/bp.kill_all

      • /usr/openv/netbackup/bin/bp.start_all

    • For Windows:

      • <install_path>\NetBackup\bin\bpdown

      • <install_path>\NetBackup\bin\bpup

Warning:

Veritas recommends that you do not disable the MSDP FIPS mode once you enable it, for security reasons.

Getting the status of MSDP FIPS mode

To get status of the MSDP FIPS mode, enter the following commands:

For UNIX:

/usr/openv/pdde/pdcr/bin/crcontrol --getmode

For Windows:

<install_path>\Veritas\pdde\crcontrol.exe --getmode

Other things to note:

  • FIPS must be enabled on all the NetBackup components to establish a connection. When the FIPS mode is not enabled, communication can occur between the NetBackup clients and the servers that have earlier, supported NetBackup versions.

  • The MSDP FIPS mode does not support NetBackup CloudCatalyst.

Feedback

Was this page helpful?
Previous

Updating an MSDP catalog backup policy

Next

Configuring deduplication to the cloud with NetBackup CloudCatalyst

Feedback

Was this page helpful?