Skip to main content

Hello to all!

I read some similar threads about Encrypting Network Traffic, but Im a little bit confused.

A customer wants to know if the Commvault backup installation (11.28) has by default Network encryption over HTTPS between CS / MAs / clients?

I need to clarify if encryption over network traffic for Commvault Servers are enabled by default, at this point I don’t care about Encrypting backup data.
https://documentation.commvault.com/11.24/expert/134328_enabling_encryption_in_commcell.html

Please for your feedback,
Nikos

It's been a while since I started a brand new CommCell environment from scratch, but as far as I know it is not enabled by default. You will have to configure network topologies to accomplish this if you want to enable end-to-end encryption for both control and data traffic. 

Hi @Onno van den Berg 

Thanks for your reply.

In case I configure network topologies for end-to-end encryption, Im going to face any performance degradation?

Also, in case you have a Azure Blob Storage as a backup repository, by default the traffic between    MA ↔️ Blob Storage   is encrypted over HTTPS?

Thanks again,
Nikos

There is some performance degradation when enabling end-to-end encryption compared to unencrypted. but this is primarily due to cpu overhead of encrypting traffic. 

Default is still to run unencrypted between the clients/mediaagents/commserve as they are considered to be in a trusted network environment. 

Traffic between Mediaagent and Blob is encrypted as long as the blob is configured with https.

https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer

in addition you can configure commvault to encrypt data at rest, giving you an additional encryption layer that are not directly controlled by azure.

 

Reply


Terms & ConditionsCookie settings