Message Level Encryption in Tivoli Endpoint Manager
Does TEM have Message Level Encryption?
TEM has added Message Level Encryption (MLE) to its 7.1 platform release to allow your TEM Clients to encrypt upstream data so that no data originating from the TEM Client will be readable on the network. Upstream data from the TEM Client can include Fixlet/Task/Baseline relevance, action statuses, retrieved properties and/or analyses, and files sent via the TEM Upload Manager. This capability is useful for improving security when an organization has TEM Clients reporting across potentially insecure networks, including the Internet. MLE does not affect actions taken from the TEM Console or Fixlets that are already protected by digital signatures.
There are three levels of encryption that can be enabled per client through TEM Client Settings:
- REQUIRED: Client requires encryption of reports and uploads. The client will not report or upload files if it cannot find an encryption certificate or if its parent relay does not support receipt of encrypted documents.
Note: This encryption level setting should only be used if necessary as incorrect configuration can lead to significant reporting issues and orphaned clients. For example, if encryption is disabled in TEM Admin, any clients configured to require MLE would no longer be able to report.
- OPTIONAL: Client prefers but does not require encryption of reports and uploads. If encryption cannot be performed, reports and uploads are sent in clear-text. This setting will improve security while encryption is enabled, but will allow clients to continue to report should encryption be unavailable for any reason.
- NONE: Client does not encrypt reports or uploads, even if an encryption certificate is present.
For more information about MLE requirements, see:
For information about TEM and FIPS 140-2 compliance, see: