Securing communications

Your data and passwords are more secure when you protect them by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), a form of SSL.

SSL and TLS are the standard technology for creating encrypted sessions between servers and clients. SSL and TLS provide a secure channel for servers and clients to communicate over open communication paths. With SSL and TLS, the identity of the server is verified by using digital certificates. Clients, servers, and storage agents that are using IBM Spectrum Protect™ V8.1.2 or later or Tivoli® Storage Manager V7.1.8 software to communicate are automatically configured to use TLS 1.2.

To improve system performance, use TLS for authentication without encrypting object data; in that mode, TLS protects the authentication exchange but not the object data itself. To specify whether the server uses TLS 1.2 for the entire session or only for authentication, see the SSL client option for client-to-server communication, and the SSL parameter in the UPDATE SERVER command for server-to-server communication. If you choose to use TLS to encrypt object data, consider adding more processor resources on the Tivoli Storage Manager server to manage the increased network traffic.
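
As an added example (not IBM's code and not part of the original page), the following Python script reads a client options file and reports, for each server stanza, whether the SSL client option puts the entire session or only authentication under TLS. The stanza layout, the `*` comment lines, the treatment of an unset SSL option as NO, the function names, and the sample file contents are assumptions made for illustration.

```python
# Added example: classify each server stanza in a client options file by
# how much of the session TLS covers, based on the SSL client option.
# Assumptions (not from the page): dsm.sys-style layout, "*" comment lines,
# case-insensitive option names, SERVERNAME abbreviable down to "SE",
# and an unset SSL option behaving like SSL NO.

# Constructed sample, not taken from a real system.
SAMPLE_OPTIONS = """\
* constructed sample options file
SErvername  backup_prod
   TCPServeraddress  tsm1.example.com
   SSL               YES
SErvername  backup_lab
   TCPServeraddress  tsm2.example.com
servername  archive
   ssl no
"""


def audit_ssl_option(text):
    """Return {stanza: 'entire-session' | 'authentication-only'}."""
    results = {}
    stanza = "(global)"  # options that appear before any SERVERNAME line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        name = parts[0].upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if len(name) >= 2 and "SERVERNAME".startswith(name):
            stanza = value
            # Until an SSL line is seen, assume the authentication-only mode.
            results.setdefault(stanza, "authentication-only")
        elif name == "SSL":
            yes = value.upper() == "YES"
            results[stanza] = "entire-session" if yes else "authentication-only"
    return results


def stanzas_without_data_encryption(text):
    """Stanzas whose object data is not covered by TLS, sorted by name."""
    modes = audit_ssl_option(text)
    return sorted(n for n, m in modes.items() if m == "authentication-only")


if __name__ == "__main__":
    for name, mode in audit_ssl_option(SAMPLE_OPTIONS).items():
        print(f"{name}: TLS covers {mode}")
```

Stanzas reported as authentication-only are the ones to review when object data crosses a network you do not trust.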

If you authenticate passwords with an LDAP directory server, TLS protects passwords between the Tivoli Storage Manager server and the LDAP server. TLS is required for all LDAP password communications.