Hello,
Is there a possibility to enable transport encryption for existing clients and if so where ?
I could not find the item so far.
Kind Regards
Thomas
Answer
How do I enable transport encryption for existing clients?
- Novice
Best answer by Mike Struening
Yes, you can!
There’s a few ways to enable different protocols and security, though you’re correct, that’s the way!
If you have a question or comment, please create a topic
+22- Vaulter
https://documentation.commvault.com/11.24/expert/7764_software_encryption.html
There’s multiple levels you can enable, so some review of the docs is a good start.
Let me know if you have any questions about the documentation 
https://www.linkedin.com/in/michael-struening
- Novice
Hello
I found another article yesterday which says that we can also enable the nCLNT_FORCE_TUNNEL function through the Client Computer Group via the Additional Settings.
Is this also a way to enable the Tansport encryption ?
Kind Regards
Thomas
+22- Vaulter
- Answer
Yes, you can!
There’s a few ways to enable different protocols and security, though you’re correct, that’s the way!
- Novice
Hello
Thanks for the feedback. We will test the encryption next Monday on individual clients and if the jobs run without problems until Tuesday, we would enable transport encryption globally.
- Novice
Hello
unfortunately the test to enable transport encryption did not bring success, because it does not work via this way:
I enabled transport encryption for a client via Additional Settings via nCLNT_FORCE_TUNNEL, but still the error occurs. An analysis of the traffic via Wireshark
showed that everything is still transmitted in clear text.
I have also attached a screenshot (2022-03-16 09_25_39-Window.png) with the setting on the one client (hovspmd2).
- Vaulter
Great discussion.
Thank you
- Novice
Hello
No, I had overlooked that in the many topics that I currently have. I've added it now and we'll make another recording of the traffic.
Thank you for the tip.
- Novice
Hello
it seems that the transport encryption is not working.
Is there a way to check the transport encryption via Commvault ?
Kind Regards
Thomas
- Vaulter
To check the in transit traffic you would have to use something like WireShark to capture the packets.
- Novice
Hello,
We are planning to enable transport encryption globally next week to comply with our company policy and to see if there is a general problem with transport encryption as it does not seem to work on the selected clients.
From what I have read, enabling it will have no effect on the service. If there are any problems, we can simply uncheck it. Is that correct ?
- Novice
Hello
ok thank you very much for the information.
Since we have scheduled the activation globally on March 31, this topic can be marked as done for now.
Kind Regards
Thomas
+22- Vaulter
Sounds good. If anything comes up, update the thread and we’ll keep working on this!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.