Question & Answer
Question
If I upgrade some of my servers and clients to V8.1.2+ or V7.1.8+, can they still connect to older versions of servers and clients?
Answer
Yes. V8.1.2+ and V7.1.8+ clients and servers will continue to authenticate with earlier versions when the SESSIONSECURITY parameter value is set to TRANSITIONAL, which is the default. The SESSIONSECURITY parameter transitions to STRICT after a successful authentication that uses an upgraded client (V8.1.2+ and V7.1.8+). To take advantage of the latest security enhancements, update all IBM Spectrum Protect servers and backup-archive clients in your environment to the latest version.
Question
Do I need to manually configure each client to set up certificates and SSL (Secure Sockets Layer)?
Answer
No. The new SSL enhancements do not require option changes, and certificates are transferred to clients automatically upon first connection when the SESSIONSECURITY parameter is set to the TRANSITIONAL value (which is the default). The SESSIONSECURITY parameter value transitions to STRICT after a successful authentication that uses a newer version of the client (V8.1.2+ and V7.1.8+). If you are using a single administrator ID to access multiple systems, make sure the server's certificate is installed on each system before you install V8.1.2 or later or V7.1.8 or later software.
Question
Can I become locked out of my server if the SESSIONSECURITY parameter for all my administrator IDs is set to STRICT?
Answer
No. You can manually import the server’s public certificate to a client from which you run dsmadmc. Before you upgrade, identify all systems that the administrator account uses to log in for administration purposes. Then, ensure that the server's certificate is installed on each system before you install V8.1.2 or later or V7.1.8 or later software.
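The pre-upgrade check described above can be scripted against an inventory of the systems each administrator ID logs in from. This is an added example, not IBM code: the inventory rows and field names are constructed, and it assumes that once an ID is STRICT, a client older than V8.1.2 or V7.1.8 can no longer authenticate with it.

```python
# Added example: pre-upgrade audit of administrator IDs (field names are hypothetical).
from collections import defaultdict

def parse_version(text):
    """'8.1.2' or 'V7.1.8.3' -> tuple of ints."""
    return tuple(int(p) for p in text.lstrip("Vv").split("."))

def is_upgraded(text):
    """True for V7.1.8+ on the 7.x line, V8.1.2+ on the 8.x line, or later.

    A plain '>= 7.1.8' comparison is wrong: 8.1.0 and 8.1.1 sort above
    7.1.8 but are not upgraded clients.
    """
    v = parse_version(text) + (0, 0, 0)
    major, rest = v[0], v[:3]
    if major == 7:
        return rest >= (7, 1, 8)
    if major == 8:
        return rest >= (8, 1, 2)
    return major > 8

def audit(inventory):
    """Return {admin_id: [(system, reason), ...]} for systems at risk."""
    by_admin = defaultdict(list)
    for row in inventory:
        by_admin[row["admin"]].append(row)
    findings = {}
    for admin, rows in by_admin.items():
        # First login from any upgraded client moves the ID to STRICT.
        goes_strict = any(is_upgraded(r["version"]) for r in rows)
        issues = []
        for r in rows:
            if not r["cert_installed"]:
                issues.append((r["system"], "server certificate not installed"))
            if goes_strict and not is_upgraded(r["version"]):
                issues.append((r["system"], "older client, ID will become STRICT"))
        if issues:
            findings[admin] = issues
    return findings

# Constructed sample inventory.
INVENTORY = [
    {"admin": "ops", "system": "jump01", "version": "8.1.2", "cert_installed": True},
    {"admin": "ops", "system": "jump02", "version": "8.1.0", "cert_installed": False},
    {"admin": "dba", "system": "db01", "version": "7.1.7", "cert_installed": True},
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

An administrator ID with no findings is either used only from systems that already meet the requirements, or has not yet been used from an upgraded client and is still TRANSITIONAL.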
Question
Will using SSL slow down my backup and restore operations?
Answer
No. The new security protocol uses a combination of TCP/IP and SSL to secure communication between servers, clients, and storage agents. By default, SSL is used only to encrypt authentication and metadata, while TCP/IP is used for data transmission. Since SSL encryption is primarily used for authentication, performance for backup and restore operations is not affected.
Product Synonym
TSM
Document Information
Modified date:
15 September 2023
UID
ibm10718441