Protect your storage environment with an improved security protocol
Tivoli® Storage Manager Version 7.1.8 provides an improved security protocol.
To protect your storage environment from security threats, Tivoli Storage
Manager has an improved security protocol that uses
Transport Layer Security (TLS) 1.2 to encrypt all communication between the server, storage agent,
and clients. A new SESSIONSECURITY parameter determines whether an
administrator, node, or server must use the most secure settings to communicate with a Tivoli Storage
Manager server. Tivoli Storage
Manager servers, clients, and storage agents that use
V7.1.8 or later software or IBM Spectrum Protect V8.1.2 or later software are automatically
configured to communicate with each other by using the Secure Sockets Layer (SSL) protocol.
Certificates are distributed automatically.
Restrictions:
- Storage agents that use V7.1.8 or later software are automatically configured to use SSL. Library clients and library manager servers automatically use SSL to communicate with storage agents that use V7.1.8 or later software or V8.1.2 or later software, but you must manually configure the certificates between them. A storage agent automatically exchanges certificates with its database server.
- After an administrator successfully authenticates by using IBM Spectrum Protect V8.1.2 or later software or Tivoli Storage Manager V7.1.8 or later software, the administrator can no longer authenticate on clients or servers that are using earlier versions. This restriction also applies when you use functions such as command routing or server-to-server export, when the administrator authenticates to the IBM Spectrum Protect server as an administrator from another server.
For a detailed description of the SESSIONSECURITY parameter, see the command topics for registering and updating administrator IDs, nodes, and servers. For the latest information about V7.1.8 security updates, see technote 2004844.