On this page:
To protect your data--especially sensitive data such as documents containing social security numbers, payroll data, and health records--you can encrypt your data using the encryption function within TSM (Tivoli Storage Manager).
By default, your data is not encrypted when it is backed up over the network. However, when you use the TSM encryption function, you can encrypt the data and ensure that your information is secure and protected.
|Warning: The encryption process takes place on the backup server and not on the client. At the present time our TSM environment is not configured for transport-level encryption, so your data will not be encrypted while travelling over the network.|
When you turn on encryption within TSM, you are asked to enter an encryption key password. This encryption key password is used to encrypt your data before it is sent over the network and stored on the TSM backup server.
Consider the management of the encryption key password carefully. Without the encryption key password, you will not be able to restore data that was backed up and encrypted with this key.
|Warning: If you lose or forget the encryption key password, your data cannot be restored or retrieved.|
Keep a copy of this encryption key password some place other than on the computer that is being backed up. One option is to copy the key to removable media, e.g., a CD-R, or onto another computer. Whatever method you choose for storing this key, there should be a copy stored offsite for Disaster Recovery purposes.
Consider the use of encryption carefully, especially for files that are being archived for a long period of time.
The TSM client software supports encryption of data that is sent to the server during a backup or archive operation. TSM versions 5.3 and above use AES 128-bit encryption while earlier versions that supported encryption used DES 56-bit.
It is strongly recommended that you review the section on encryption in Chapter 4: Backing up your data, in the [archive:TSM Client Manuals from Tivoli] before using this encryption feature within TSM.
If you have questions about encryption within TSM, send email to firstname.lastname@example.org.