cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Is Windows NetBackup Java Admin Console traffic encrypted?

sdo
Moderator
Moderator
Partner    VIP    Certified

‎07-24-2017 07:53 AM

master v8.0 on AIX 7.1

console NetBackup Java Admin Console on Windows 2012 R2.

.

Does anyone know for definite either way whether the embedded data with the TCP packets  for all NetBackup Java Amdin Console traffic is auto-encrypted?   i.e. rendering pretty much useless any casual sniffer looking for even a few strings of readable meta-data text ?

0 Kudos
4 REPLIES 4

sdo
Moderator
Moderator
Partner    VIP    Certified

‎07-25-2017 07:26 AM

Opened a case.  Support have said that the traffic is not encrypted.

0 Kudos

X2
Moderator
Moderator
   VIP   
In response to sdo

‎07-25-2017 07:30 AM

I spent about an hour yesterday reading documentation to find the answer - it is hard to find particular stuff like this :(

Could you ask them if the non-encrypted traffic is only default and if it can be set to be encrypted by changing configuration? I sometimes redirect X from my Linux master over a forked SSH tunnel but I don't expect non-Linux savvy people to be able to easily do that especially our operators. It would be nice if the traffic is encrypted using a configuration setting.

0 Kudos

sdo
Moderator
Moderator
Partner    VIP    Certified
In response to X2

‎07-25-2017 10:26 AM - edited ‎07-25-2017 10:28 AM

If the jnbSA "X-display" admin console traffic (and all of it's embedded graphics protocols and any text) is carried over ssh then you should have no fear of casual packet sniffing, right?

My concern was Windows NetBackup Java Admin Console which AFAIK is not a graphics protocol and my understanding was that the Java "processes" which make up the Windows NetBackup Java Admin Console actually send what are effectively CLI commands across to the NetBackup Server (Master, Media, Master/Media) to be executed and then have the textual (most probably "json" format) CLI output sent back to the Windows java processes to be processed, munged, interpreted and ultimately displayed.

I was told that there are no options to encrypt this plain text meta-data (commands sent, output received).

Personally, even if we knew whether the meta-data was compressed, or obfuscated in someway even, simply to avoid casual sniffers collecting strings, then that would be better than nothing.  The case is closed now.  I'd like to think that support would have explained to me that it was compressed or obfuscated.  No offer/mention of any forthcoming plans to encrypt that traffic either.

 

 

0 Kudos

X2
Moderator
Moderator
   VIP   
In response to sdo

‎07-26-2017 08:39 AM

@sdoI understand your concern when connecting to Administration console on Windows. Luckily, I have my masters on RHEL. The access is limited via VLAN/ACLs. Also, when not on side, the only way is to use VPN. So, in almost all situations, I can have the connection encrypted in some fashion.

Ideally, at least basic encryption between console and master would be expected in these days and times.

Also, I wonder how does Veritas explain insecure traffic to the US governement when submitting proposals!

0 Kudos