Enable Encryption In-Flight for the Spectrum Protect Client

The Spectrum Protect  Client can be configured to securely transfer data across the network for all backup, restore and archiving operations. Follow these instructions to configure AES256-bit secure SSL communication between the SP client and the SP servers. This article assumes that you have already registered and configured the SP client to communicate with the Division of IT SP backup servers.

In this article, you will learn how to:

Configure SP SSL In-Flight Encryption

  1. Determine the location of your SP installation directory:

    Platform Default TSM Installation Location
    Windows C:\Program Files\tivoli\tsm\baclient
    UNIX/Linux /opt/tivoli/tsm/client/ba/bin
    Mac OS /Library/Application Support/tivoli/tsm/client/ba/bin
  2. Download the umd-digicertCA-dsmcert.zip attachment in this article and unzip all contents into the SP client installation directory.  Ensure there is no sub-directory when unzipping. The dsmcert.* files need to be in the SP installation directory.
  3. Determine the location for your SP client options file:

    Platform Default SP Configuration File and Location
    Windows C:\Program Files\tivoli\tsm\baclient\dsm.opt
    UNIX/Linux /opt/tivoli/tsm/client/ba/bin/dsm.sys
    Mac OS /Library/Preferences/Tivoli Storage Manager/dsm.sys
  4. Edit the TSM Client options file to include the following lines:

    TCPPort 1505

  5. Ensure that the TCPSERVERADDRESS option has a DNS entry, such as sdc-busrv01.umd.edu or sdc-busrv02.umd.edu and is not an IP address.
  6. Save the file and restart all TSM services.  

Verify that your connection is SSL-enabled

  1.  Open the SP Client Graphic User Interface (GUI).  A connection should establish with the client and server.
  2.  Click File. Then, click Connection Information.

    IBM Spectrum Protect file dropdown menu
  3. Review the information on the next screen:

    Connection information
    SSL Information with AES256 information confirms SSL connectivity.