Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Updates & Insights
  • Questions
  • Learning
    • E-learning Courses
    • Empower Replay: Limited Edition
    • Tutorials
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
      • About the DevOps Program
      • DataMiner DevOps Support
  • Downloads
  • More
    • DataMiner Releases & Updates
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

NAS/NATS encryption and adding a DMA in another network

Solved839 views22nd April 2024DMS NAS nat NATS
2
Robert Thevis [DevOps Enabler]154 6th February 2024 0 Comments

Hello everyone,

we have a customer that wants to add another DMA to their existing DMS.

The new DMA will be in another network behind a NAT and in another domain. Security is very important and all protocols need to be encrypted.

https is already set up with certificates and from my understanding it is possible to use the same certificates to enable TLS on NAS/NATS.

Also connection strings for the DMAs are already configured and I have created local Users for the Communication, but the existing DMS is IP based and I can not add the hostname of the new DMA. I guess I will need to switch the whole DMS to a hostname based one.

What is the recommended way (step by step if possible) to encrypt all communication and add the new DMA to the DMS without breaking the existing DMS?

Also: Is this possible with 10.1, or is an upgrade beforehand a necessity?

Best Regards,

Robert

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 22nd April 2024

1 Answer

  • Active
  • Voted
  • Newest
  • Oldest
0
Seppe Dejonckheere [SLC] [DevOps Advocate]2.24K Posted 7th February 2024 2 Comments

Hi,

I can’t help you with the question about a DMA in a different network behind a NAT, but I can help you with your question about encrypting all communication in a DMS.

I will start by recommending the DataMiner Hardening guide. Specifically for encryption, there are 3 things to consider:

  1. Client to DMS communication
    • The client (cube, webpage) <-> DMS communication can be secured by configuring the DMS to use https.
  2. inter DMS communication
    • Part of the communication between agents in a cluster is secured when the DMS is configured to use https.
    • Part of the communication between agents in a cluster happens over NATS. We have noticed that DataMiner currently does not support TLS encryption for NATS, but this aimed to be fixed with the upcoming release (10.4.3).
  3. DMS to DB communication
    • For STaaS, all communication is secure by default, but if you are using self hosted storage, securing the communication between the DMS and the databases requires some configuration. The hardening guide points to the relevant parts of the documentation.

I hope this helps. If you would have any more questions, feel free to reach out to me.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 22nd April 2024
Robert Thevis commented 28th February 2024

Hello Seppe,
was the TLS encryption implemented with 10.4.3?
If so, what do I need to do to activate it?

Best Regards,
Robert

Seppe Dejonckheere [SLC] [DevOps Advocate] commented 28th February 2024

Hi Robert,
We currently have a pull request open to add this information to the docs.
Once this pull request has been accepted, the hardening guide will point you to the right information, but you can already find a (draft) version using the following URL: https://github.com/SkylineCommunications/dataminer-docs/pull/2751

Kind regards,
Seppe

Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs