Encrypt backups feature

IBM Spectrum Protect™ for Workstations provides AES256 encryption for files that are stored on the remote server. The encryption feature for backups provides an extra layer of security for files in the remote storage area.

To set up encryption, click Encrypt backups. When the first file backup occurs, you are prompted to enter an encryption password. This password is cached and also saved in an encrypted file in the ProgramData folder. The password is required to restore files that are backed up by IBM Spectrum Protect for Workstations. If you disable encryption and enable encryption again, you are not prompted to create a new password.

Preserve your password: Ensure that you make a secure record of your password. If you lose your password, files might be unrecoverable.

The IBM Spectrum Protect product does not support prompted encryption. Therefore, if you specify the IBM Spectrum Protect server as your remote storage area, you must configure non-prompted encryption in the IBM Spectrum Protect dsm.opt options file. In the dsm.opt file, use the following statement to create the encryption key:

encryptkey generate

See IBM Spectrum Protect for Windows Backup-Archive Client Installation and User's Guide for information about how to set encryption options in the dsm.opt file. The dsm.opt file is stored in the ProgramData folder. For information about how to access the ProgramData folder, see Accessing the program data folder.

The following usage rules apply to the encrypt backups feature:

You cannot encrypt files that are stored in the local storage area.
You cannot configure both encryption and compression.

IBM Spectrum Protect for Workstations cannot protect backup copies that are encrypted. In other words, you cannot create encrypted backup copies and then use IBM Spectrum Protect for Workstations to make backup copies of those backup copies. You can use IBM Spectrum Protect or another backup solution to protect the encrypted backup copies on the file server.