Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Administrator's Guide, Volume I
  5. Section II. Configuring hosts
  7. Enabling support for NAT clients and NAT servers in NetBackup
  9. Performance characteristics of NAT support
Veritas NetBackup™ Administrator's Guide, Volume I

Performance characteristics of NAT support

Since NAT support can be used to backup and restore NetBackup clients across insecure networks like the internet, data channel encryption is enabled by default for communication with NAT clients and servers (or NAT hosts). This follows the 'secure by default' principle.

NetBackup does not currently offer data channel encryption for the hosts for which NAT support is disabled. Data channel encryption secures the data in-flight between the NAT host and the NetBackup server and does not encrypt the data at-rest. The data channel is secured using the secure communications infrastructure that was introduced with NetBackup 8.1.

The current implementation of data channel encryption incurs significant performance overhead. You can disable data channel encryption for NAT hosts that do not communicate with NetBackup servers over an insecure network.

Set the ENABLE_DATA_CHANNEL_ENCRYPTION configuration option to FALSE on a NAT host to disable data channel encryption.

When data channel encryption is disabled, the backup and restore performance of NAT hosts is similar to the hosts for which NAT support is disabled.

See ENABLE_DATA_CHANNEL_ENCRYPTION for clients.

Feedback

Was this page helpful?
Previous

Communication with clients other than NAT clients

Next

Configuring host credentials

Feedback

Was this page helpful?