Date: 2025-11-10

NMX Controller and NMX Telemetry offer security support.

They use gRPC for client communication, which runs over TLS or mTLS as configured through the NVOS CLI. Below is a simple flow for using mTLS with Cluster Manager, along with a list of cluster commands attached to this manual.

Note: The same CA can be used on both sides, or each side can use a different CA.

In NVOS, the Cluster applications NMX-C/NMX-T function as gRPC servers, while the Cluster Manager device operates as the gRPC client.

The configuration from the NVOS CLI stores the client CA certificate and the server certificate on the NVOS side and binds the certificates to the apps to support TLS/mTLS on top of gRPC.

To configure mutual TLS (mTLS) with Cluster Manager, ensure that the necessary certificates and configurations are set up across both the control plane and data plane components. Below is an example of how to configure mTLS in your Cluster Manager environment:

```
admin@nvos:~$ nv set cluster state enabled
admin@nvos:~$ nv config apply
admin@nvos:~$ nv action import system security certificate cert-name passphrase 12345678 uri-bundle scp:
admin@nvos:~$ nv action import system security ca-certificate cacert-name uri scp:
admin@nvos:~$ nv action update cluster apps nmx-controller manager enabled
admin@nvos:~$ nv action update cluster apps nmx-controller manager certificate cert-name
admin@nvos:~$ nv action update cluster apps nmx-controller manager ca-certificate cacert-name
admin@nvos:~$ nv action update cluster apps nmx-controller manager encryption mtls
```
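A pre-import check for the certificate material used in the mTLS flow above, as an added example that is not part of the NVOS documentation or NVIDIA tooling. It confirms that the server key matches its certificate, that the server certificate chains to the CA the Cluster Manager client trusts, and that the client certificate chains to the CA imported on NVOS. It assumes `openssl` is available on an administrator workstation; the function names, file names and subject names are hypothetical, and the keys are unencrypted throwaway keys.

```shell
#!/bin/sh
# Added example: throwaway PKI built with openssl, not NVIDIA tooling.
# All names (server-ca, client-ca, nmx-c, cluster-manager) are made up.

# make_ca DIR NAME: self-signed CA key and certificate
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_leaf DIR CA NAME: leaf key plus certificate signed by CA
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chains_to CA_CERT LEAF_CERT: true only if LEAF verifies against CA
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches CERT KEY: true only if KEY is the private key for CERT
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# preflight SERVER_CRT SERVER_KEY SERVER_CA CLIENT_CRT CLIENT_CA
#   SERVER_CRT/KEY: bundle to import on NVOS for the gRPC server
#   SERVER_CA:      CA the Cluster Manager client trusts
#   CLIENT_CA:      CA to import on NVOS to authenticate the client
preflight() {
    key_matches "$1" "$2" || { echo "server key does not match cert"; return 1; }
    chains_to "$3" "$1" || { echo "client will reject server cert"; return 2; }
    chains_to "$5" "$4" || { echo "server will reject client cert"; return 3; }
    echo "certificate material is consistent for mTLS"
}

# Demo on constructed material: one CA per side, as the note allows.
demo() {
    d=$(mktemp -d) && make_ca "$d" server-ca && make_ca "$d" client-ca &&
    issue_leaf "$d" server-ca nmx-c &&
    issue_leaf "$d" client-ca cluster-manager &&
    preflight "$d/nmx-c.crt" "$d/nmx-c.key" "$d/server-ca.crt" \
        "$d/cluster-manager.crt" "$d/client-ca.crt"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo
```

A return code of 3 from `preflight` corresponds to importing a CA on NVOS that did not issue the Cluster Manager client certificate.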





To enable TLS with Cluster Manager, you must configure the appropriate certificates and security settings for encrypted communication between services in the cluster. Below is an example configuration for setting up TLS in your Cluster Manager environment:

```
admin@nvos:~$ nv set cluster state enabled
admin@nvos:~$ nv config apply
admin@nvos:~$ nv action import system security certificate cert-name passphrase 12345678 uri-bundle scp:
admin@nvos:~$ nv action update cluster apps nmx-controller manager enabled
admin@nvos:~$ nv action update cluster apps nmx-controller manager certificate cert-name
admin@nvos:~$ nv action update cluster apps nmx-controller manager encryption tls
```



