Veritas NetBackup™ Appliance Security Guide
About IPsec Channel Configuration
The NetBackup appliance uses IPsec channels to secure communication between two appliances, which helps protect data in transit. All other communication between a NetBackup appliance and non-appliance systems, such as NetBackup primary servers, does not use IPsec.
IPsec works at the IP level and secures IP traffic between two appliances. Device certificates are provisioned to the primary and media appliances, and these certificates are then enabled for configuring IPsec channels. This enables secure interaction between the primary and media servers. The device certificates are X.509 certificates issued by the DigiCert CA.
The appliance performs the following validation checks before establishing an IPsec channel:
- Validates the authenticity of the certificates using X.509 certificate validation.
- Validates whether the device certificate corresponds to the IP.
- Validates and updates security associations in both directions of the communication.
The appliances are detected after the device certificates are recognized. Only then is the IPsec channel configured and enabled.
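The first two checks above (certificate authenticity and certificate-to-IP correspondence) can be reproduced with the OpenSSL command line. This is an added illustration, not the appliance's own code: it assumes the peer IP is carried in the certificate's subjectAltName, and it uses a constructed test CA, the documentation address 192.0.2.10, and hypothetical names (`make_pki`, `check_peer`).

```shell
#!/usr/bin/env bash
# Added example, not appliance code. All keys and certificates are
# constructed test material; the CA here stands in for the issuing CA.
set -u
WORK=$(mktemp -d)

make_pki() {
  # Constructed test CA (self-signed root).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  # Device certificate bound to 192.0.2.10 through subjectAltName (assumption).
  openssl req -newkey rsa:2048 -nodes -subj "/CN=media-appliance" \
    -keyout "$WORK/dev.key" -out "$WORK/dev.csr" 2>/dev/null
  printf 'subjectAltName=IP:192.0.2.10\n' > "$WORK/ext.cnf"
  openssl x509 -req -in "$WORK/dev.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -extfile "$WORK/ext.cnf" -out "$WORK/dev.pem" 2>/dev/null
  # Self-signed certificate claiming the same IP but not issued by the test CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rogue" \
    -addext "subjectAltName=IP:192.0.2.10" \
    -keyout "$WORK/rogue.key" -out "$WORK/rogue.pem" 2>/dev/null
}

# check_peer CERT PEER_IP
# Returns 0 only if CERT chains to the trusted CA (check 1) and
# PEER_IP matches an IP entry in the certificate (check 2).
check_peer() {
  openssl verify -CAfile "$WORK/ca.pem" -verify_ip "$2" "$1" >/dev/null 2>&1
}

report() {
  if check_peer "$1" "$2"; then
    echo "ACCEPT $(basename "$1") for $2"
  else
    echo "REJECT $(basename "$1") for $2"
  fi
}

make_pki
report "$WORK/dev.pem"   192.0.2.10   # trusted issuer, IP matches
report "$WORK/dev.pem"   192.0.2.99   # trusted issuer, IP does not match
report "$WORK/rogue.pem" 192.0.2.10   # IP matches, issuer not trusted
```

Both conditions must hold together: a certificate from the trusted issuer presented from the wrong address is rejected, and so is a certificate that names the right address but does not chain to the trusted CA.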
You can use the Main > Network > Security command from the NetBackup Appliance Shell Menu to configure the IPsec channel between two appliances. For more information about configuring IPsec channels, refer to the NetBackup Appliance Command Reference Guide.
Table: IPsec commands
Command | Description |
---|---|
Network > Security > Configure | You can use this command to configure IPsec between any two appliances. |
Network > Security > Delete | You can use this command to remove IPsec policies for a list of remote appliances on a local system. |
Network > Security > Export | Use this command to export the IPsec credentials. Note: The IPsec credentials are removed during a reimage process. The credentials are unique for each appliance and are included as part of the original factory image. The IPsec credentials are not included on the USB drive that is used to reimage the appliance. |
Network > Security > Import | Use this command to import IPsec credentials. |
Network > Security > Provision | Use this command to provision IPsec policies for a list of remote appliances on a local system. |
Network > Security (IPsec) > Refresh | Use this command to reload the IPsec configuration. |
Network > Security > Show | Display the IPsec policies for the local host (appliance) or a specified appliance. |
Network > Security > Unconfigure | Use this command to unconfigure IPsec between any two appliances. |