Question & Answer
Can data on Tivoli Storage Manager/IBM Spectrum Protect backupset volumes be encrypted.
Data on Tivoli Storage Manager/IBM Spectrum Protect backupset volumes can be encrypted by one of the two following methods:
1) Client encryption is used to encrypt all the data for a given node or set of nodes that will have backupsets generated. The encryption key used when the data was backed up would be required to decrypt the data from any backupset it was placed on. For details on how to configure clients to use client encryption refer to the Tivoli Storage Manager/IBM Spectrum Protect Information Center client Users Guides
2) A backupset can be generated with a device class that uses devices which are capable of hardware encryption (i.e. LTO4). While the Tivoli Storage Manager/IBM Spectrum Protect will not manage the encryption of this data (application managed drive encryption is only supported for storage pool volumes), a backupset can be created on devices that encrypt data written to them.
In both of these cases the appropriate care would need to be taken to manage the encryption keys associated with the respective encryption activity so that the data could be restored as needed.
23 June 2018