Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Logging Reference Guide
  5. NetBackup Administration Console logging
  7. Setting up a secure channel between the NetBackup Administration Console and either nbsl or nbvault
Veritas NetBackup™ Logging Reference Guide

Setting up a secure channel between the NetBackup Administration Console and either nbsl or nbvault

The following steps describe the process flow to set up a secure channel between the NetBackup Administration Console and either nbsl or nbvault:

  1. Trust is already set up between the NetBackup Administration Console and bpjava-*. The user information and session token already exist in a designated location with a name similar to the following:

    hash(session token)_susvc_pid

    See Setting up a secure channel between the NetBackup Administration Console and bpjava-*.

  2. The NetBackup Administration Console sends a request to nbsl/nbvault for a secure connection.

  3. nbsl/nbvault accepts the request and initiates a secure channel using the security certificate on the host. These daemons run with root/administrator privileges and can access the security certificate.

  4. This secure channel is a one-way authenticated SSL channel where only the server certificate is present and there is no peer certificate. There is no certificate from the NetBackup Administration Console side.

  5. The trust options for the security certificate are as follows:

    • The NetBackup Administration Console accepts the security certificate (or gives approval for this secure channel) if it trusts the NetBackup Certificate Authority (CA) who signed the security certificate.

    • If the NetBackup Administration Console does not trust the CA who signed the security certificate, it displays a pop-up dialog box. This dialog box asks if the user trusts the CA who has signed the certificate (This is a one-time activity. After the user gives consent to trust the CA, the dialog box does not display again.).

  6. The NetBackup Administration Console sends a session token to nbsl/nbvault. See Setting up a secure channel between the NetBackup Administration Console and bpjava-*.

  7. nbsl/nbvault verifies this session token by performing the following procedure:

    • Generates a hash of the session token that was received

    • Searches for the file with the name that starts with this hash at the designated location

    • If the file is found, it extracts the PID from it (see step 1)

    • Checks to see if the PID is valid

  8. The success of the verification creates a trust between nbsl/nbvault and the NetBackup Administration Console.

  9. All further communication occurs between nbsl/nbvault and the NetBackup Administration Console on this trusted secure channel.

Feedback

Was this page helpful?
Previous

Setting up a secure channel between the NetBackup Administration Console and bpjava-*

Next

NetBackup Administration Console logging configuration on NetBackup servers and clients

Feedback

Was this page helpful?