- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Login security settings
- Log in to the PowerProtect Data Manager Appliance REST API
- User and credential management
- Authentication types and setup
- Multi-factor authentication
- iDRAC
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security certificates
- External component certificate management
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
- TLS Cipher Suites
- Glossary
PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500
Enable replication encryption
You can use managed file replication (MFR) to ensure that replicated content is encrypted while in-flight to the destination storage, and then decrypted before it is saved on the destination storage.
About this task
The encryption settings on both the source and destination systems must match for successful replication. If there is an encryption mismatch and the source DD version is earlier than 7.10, then replication targets are unavailable in the UI. However, if the source and replication targets are both version 7.10 or later, then MFR automatically chooses the most secure setting based on the encryption settings of the source and destination DD systems. For example, if you enable replication encryption in PowerProtect Data Manager Appliance, enable the setting on both the source and destination DD systems before you define replication objectives. If you enable replication encryption after you initially define replication objectives, any replication jobs that were initiated during the period when the source and destination encryption settings did not match fail.
MFR replication encryption and authentication
This setting applies to each replication connection independent of the global replication encryption setting configured for the system.
The following table displays the settings configured for the system.
| Source | Destination | Desired Connection Outcome |
|---|---|---|
Enabled (anonymous) | Disabled | Enable Destination Authentication: anonymous |
Disabled | Enabled(anonymous) | Enable Source Authentication: anonymous |
Enabled (one-way) | Disabled | Enable Destination Authentication: one-way* |
Disabled | Enabled(one-way) | Enable Source Authentication: one-way* |
Enabled (two-way) | Disabled | Enable Destination Authentication: two-way* |
Disabled | Enabled(two-way) | Enable Source Authentication: two-way* |
Disabled | Disabled | Disabled |
NOTE:For one-way and two-way authentication, the certificates must already be configured in the system. If the certificates are not present, an error is logged.
Steps
- From the
PowerProtect Data Manager Appliance UI, click
, and then select
Security.
The Security dialog box appears. - Click the Replication Encryption switch so it is enabled, and then click Save.
Next steps
The window of the PowerProtect Data Manager Appliance UI displays the replication encryption setting for all protection storage systems.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\