Netezza Performance Server client encryption and security

The Netezza Performance Server system supports SSL for encrypting communication with Netezza Performance Server client users and peer authentication between the client and Netezza Performance Server host. The encryption protects the communication for the client users who access their data by using ODBC, JDBC, nzsql, or the command-line interfaces. The peer authentication uses a digital certificate from the Netezza Performance Server system to confirm the identity of the clients and host.

Note:
  1. Encrypted communications have a performance impact because of the time and processing that is necessary for the encryption and decryption. For Netezza Performance Server client users who are within a secure network environment, consider the use of unsecured connections for best performance.
  2. TLSv1.2 support is provided through the postgres.conf configuration variable enable_tls_v12 (which by default is set to OFF). Enabling Netezza Performance Server enhanced cryptography support also turns on TLSv1.2.
  3. If you use your own certificates, make sure that the private key parameter does not have a password. Password-enabled private keys are not supported.
If you use secure communications to the Netezza Performance Server, there are some optional configuration steps for the host:
  • Define SSL certification files in the postgresql.conf file for peer authentication.
  • Create connection records to restrict and manage client access to the system.

The Netezza Performance Server client users must specify security arguments when they connect to Netezza Performance Server systems.