Access Keys:
Skip to content (Access Key - 0)

Encryption Within TSM

On this page:

Data in Motion

Encrypting your data when your machine is sending it over the network to the TSM server:

  • You must be using a TSM client that is version 8.1.2 or later (or 7.1.8 or later if you are using a v7 client)
  • add SSL yes to your dsm.sys file (dsm.opt on Windows)
  • restart the tsm service
Warning: The data is only encrypted when it is in transit to the TSM server, once there is is stored unencrypted. See below for encrypting your data while it is stored on the TSM server.

Data at Rest

By default, your data is not encrypted when it is stored within TSM. However, when you use the TSM encryption function, you can encrypt the data and ensure that your information is secure and protected, if the backup media (tapes and disks) were to fall into the wrong hands.

To protect your data – especially sensitive data such as documents containing social security numbers, payroll data, and health records – you can encrypt your data using the encryption function within TSM (Tivoli Storage Manager).

You must add two lines (and may optionally add a third) to your dsm.sys file (dsm.opt on Windows)

If you choose the SAVE or PROMPT setting for ENCRYPTKEY, you should store the password somewhere safe, such as Lastpass (http://kb.mit.edu/confluence/display/istcontrib/LastPass+Landing+Page)

Warning: If you lose or forget the encryption key password, your data cannot be restored or retrieved, and IS&T cannot recover this password for you. If you are using the ENCRYPTKEY SAVE option, remember that the saved copy may be lost in the case of disk failure, ransomware attack, fire, or other disaster.
Warning: Setting this option will not encrypt existing backups, only newly backed up files. If you want existing files to be encrypted, they must be backed up again. Depending on the amount of data involved, this may take a long time

Consider the use of encryption carefully, especially for files that are being archived for a long period of time.

If you have questions about encryption within TSM, send email to tsm-systems@mit.edu.

Also see Policy on the Use of Information Technology.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

December 19, 2023

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-tsm c-tsm Delete
tsm tsm Delete
tivoli tivoli Delete
storage storage Delete
encryption encryption Delete
encrypt encrypt Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki