Hello,
Is there a possibility to enable transport encryption for existing clients and if so where ?
I could not find the item so far.
Kind Regards
Thomas
Best answer by Mike Struening RETIRED
View originalHello,
Is there a possibility to enable transport encryption for existing clients and if so where ?
I could not find the item so far.
Kind Regards
Thomas
Best answer by Mike Struening RETIRED
View originalhttps://documentation.commvault.com/11.24/expert/7764_software_encryption.html
There’s multiple levels you can enable, so some review of the docs is a good start.
Let me know if you have any questions about the documentation
Hello
I found another article yesterday which says that we can also enable the nCLNT_FORCE_TUNNEL function through the Client Computer Group via the Additional Settings.
Is this also a way to enable the Tansport encryption ?
Kind Regards
Thomas
Yes, you can!
There’s a few ways to enable different protocols and security, though you’re correct, that’s the way!
Hello
Thanks for the feedback. We will test the encryption next Monday on individual clients and if the jobs run without problems until Tuesday, we would enable transport encryption globally.
Hello
unfortunately the test to enable transport encryption did not bring success, because it does not work via this way:
I enabled transport encryption for a client via Additional Settings via nCLNT_FORCE_TUNNEL, but still the error occurs. An analysis of the traffic via Wireshark
showed that everything is still transmitted in clear text.
I have also attached a screenshot (2022-03-16 09_25_39-Window.png) with the setting on the one client (hovspmd2).
Great discussion.
Thank you
Hello
No, I had overlooked that in the many topics that I currently have. I've added it now and we'll make another recording of the traffic.
Thank you for the tip.
Hello
it seems that the transport encryption is not working.
Is there a way to check the transport encryption via Commvault ?
Kind Regards
Thomas
To check the in transit traffic you would have to use something like WireShark to capture the packets.
Hello,
We are planning to enable transport encryption globally next week to comply with our company policy and to see if there is a general problem with transport encryption as it does not seem to work on the selected clients.
From what I have read, enabling it will have no effect on the service. If there are any problems, we can simply uncheck it. Is that correct ?
Hello
ok thank you very much for the information.
Since we have scheduled the activation globally on March 31, this topic can be marked as done for now.
Kind Regards
Thomas
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.