Netezza Performance Server client encryption and security
The Netezza Performance Server system supports SSL for encrypting communication with Netezza Performance Server client users and peer authentication between the client and Netezza Performance Server host. The encryption protects the communication for the client users who access their data by using ODBC, JDBC, nzsql, or the command-line interfaces. The peer authentication uses a digital certificate from the Netezza Performance Server system to confirm the identity of the clients and host.
- Encrypted communications have a performance impact because of the time and processing that is necessary for the encryption and decryption. For Netezza Performance Server client users who are within a secure network environment, consider the use of unsecured connections for best performance.
- Starting from versions 11.0.7.0 and 11.1.1.0, Netezza Performance Server provides TLSv1.2 support through the postgres.conf configuration variable enable_tls_v12 (which by default is set to OFF). Enabling Netezza Performance Server enhanced cryptography support also turns on TLSv1.2. Use TLSv1.2 (instead of the default SSLv3, which is deprecated now).
- If you use your own certificates, make sure that the private key parameter does not have a password. Password-enabled private keys are not supported.
- Define SSL certification files in the postgresql.conf file for peer authentication.
- Create connection records to restrict and manage client access to the system.
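
The restriction on password-enabled private keys can be checked before a key file is installed. The following Python check is an added example, not IBM code: it assumes the key is PEM-encoded and recognizes the two encrypted PEM forms that OpenSSL writes. The function names and the sample inputs are constructed for illustration.

```python
import re

# One PEM block: BEGIN label, body, matching END label.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

def find_private_keys(pem_text):
    """Return (label, is_encrypted) for every private key block in pem_text."""
    results = []
    for label, body in _PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificate, public key, or other block
        if label == "ENCRYPTED PRIVATE KEY":
            encrypted = True  # PKCS#8 EncryptedPrivateKeyInfo
        else:
            # Traditional format flags encryption in a header line
            # that precedes the base64 body.
            encrypted = any(
                line.strip().replace(" ", "") == "Proc-Type:4,ENCRYPTED"
                for line in body.splitlines()
            )
        results.append((label, encrypted))
    return results

def check_server_key(pem_text):
    """Classify a key file as 'ok', 'passphrase-protected' or missing."""
    keys = find_private_keys(pem_text)
    if not keys:
        return "no private key found"
    if any(encrypted for _, encrypted in keys):
        return "passphrase-protected"
    return "ok"

# Constructed samples: the bodies are placeholder text, not real key material.
CERT = "-----BEGIN CERTIFICATE-----\nQ29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\nQ29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n"
LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "Q29uc3RydWN0ZWQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)
PKCS8_ENCRYPTED = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ29uc3RydWN0ZWQ=\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for name in ("PLAIN_KEY", "LEGACY_ENCRYPTED", "PKCS8_ENCRYPTED"):
        print(name, "->", check_server_key(globals()[name]))
```

A key reported as passphrase-protected has to be replaced with, or converted to, an unencrypted key before it is referenced in the server configuration.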
The Netezza Performance Server client users must specify security arguments when they connect to Netezza Performance Server systems.