Secure Sockets Layer and Transport Layer Security communication

You can use the Secure Sockets Layer (SSL) or the Transport Layer Security (TLS) protocol to provide transport layer security for a secure connection between Tivoli® Storage Manager servers, clients, and storage agents. If you send data between the server, client, and storage agent, use SSL or TLS to encrypt the data.

Tip: Any Tivoli Storage Manager documentation that indicates "SSL" or to "select SSL" applies to TLS.

SSL is provided by the Global Security Kit (GSKit), which is installed with the Tivoli Storage Manager server and is used by the server, the client, and the storage agent. The Operations Center and the Reporting agent do not use GSKit.

Restriction: Do not use the SSL or TLS protocols for communications with a DB2® database instance that is used by a Tivoli Storage Manager server.

Each Tivoli Storage Manager server, client, or storage agent that enables SSL must use either a trusted self-signed certificate or a unique certificate that is signed by a certificate authority (CA). You can generate your own certificates or purchase certificates from a CA. Either kind of certificate is installed and added to the key database on the Tivoli Storage Manager server, client, or storage agent. The certificate is verified by the SSL client, that is, by the component that initiates the SSL communication. For a self-signed certificate this means the certificate itself must be present in the key database of every SSL client that connects; for a CA-signed certificate it is enough for the SSL client to trust the CA.

SSL is set up independently on the Tivoli Storage Manager server, client, and storage agent.

The Tivoli Storage Manager server, client, or storage agent can serve as the SSL client during communication. The SSL client is the component that initiates the communication and verifies the certificate that the SSL server presents. For example, if a Tivoli Storage Manager client initiates SSL communication with a Tivoli Storage Manager server, the Tivoli Storage Manager client is the SSL client and the Tivoli Storage Manager server is the SSL server.
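The following Go program is an added example and is not code from Tivoli Storage Manager or GSKit. It models the check described above in generic TLS terms: the SSL client verifies the certificate the SSL server presents against the certificates in its own trust store, which plays the role of the client's key database. It builds the two certificate options from the text, a self-signed server certificate and a server certificate signed by a CA, and shows what the client accepts and rejects in each case. The host names, the CA name, the serial numbers and the host-name check (standard TLS client behaviour, assumed here rather than stated by the page) are all assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// keyAndCert is one certificate with the private key behind it. It stands in for an
// entry in a key database; everything here is constructed in memory for the example.
type keyAndCert struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// issue creates a certificate for subject. With issuer == nil the certificate is
// self-signed (the "trusted self-signed certificate" option); otherwise it is signed by
// issuer's key (the "signed by a certificate authority" option).
func issue(subject string, isCA bool, serial int64, issuer *keyAndCert) (*keyAndCert, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		// A server certificate: usable for server authentication and bound to its host name.
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{subject}
	}
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.cert, issuer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &keyAndCert{key: key, cert: cert}, nil
}

// sslClientVerify is the check the SSL client performs on the chain the SSL server
// presents: it must end at a certificate in the client's trust store (its key database),
// be inside its validity period, be usable for server authentication, and name the host
// the client connected to. It returns the subject of the trust anchor that vouched for
// the server, or the verification error.
func sslClientVerify(trust *x509.CertPool, presented []*x509.Certificate, host string) (string, error) {
	if len(presented) == 0 {
		return "", errors.New("server presented no certificate")
	}
	opts := x509.VerifyOptions{
		Roots:         trust,
		Intermediates: x509.NewCertPool(),
		DNSName:       host,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	for _, c := range presented[1:] { // any extra certificates the server sent
		opts.Intermediates.AddCert(c)
	}
	chains, err := presented[0].Verify(opts)
	if err != nil {
		return "", err
	}
	anchor := chains[0][len(chains[0])-1]
	return anchor.Subject.CommonName, nil
}

func main() {
	selfSigned, err := issue("tsmserver.example.com", false, 1, nil) // assumed host name
	if err != nil {
		panic(err)
	}
	ca, err := issue("Example Corp Internal CA", true, 2, nil) // assumed CA name
	if err != nil {
		panic(err)
	}
	caSigned, err := issue("tsmserver2.example.com", false, 3, ca)
	if err != nil {
		panic(err)
	}
	noTrust, trustSelf, trustCA := x509.NewCertPool(), x509.NewCertPool(), x509.NewCertPool()
	trustSelf.AddCert(selfSigned.cert) // self-signed cert added to the client key database
	trustCA.AddCert(ca.cert)           // only the CA certificate is in the client key database
	cases := []struct {
		name  string
		trust *x509.CertPool
		chain []*x509.Certificate
		host  string
	}{
		{"self-signed, not in client key database", noTrust, []*x509.Certificate{selfSigned.cert}, "tsmserver.example.com"},
		{"self-signed, added to client key database", trustSelf, []*x509.Certificate{selfSigned.cert}, "tsmserver.example.com"},
		{"CA-signed, client trusts the CA only", trustCA, []*x509.Certificate{caSigned.cert}, "tsmserver2.example.com"},
		{"CA-signed, but connected to another host", trustCA, []*x509.Certificate{caSigned.cert}, "backup.example.com"},
	}
	for _, c := range cases {
		if anchor, err := sslClientVerify(c.trust, c.chain, c.host); err != nil {
			fmt.Printf("%-45s rejected: %v\n", c.name, err)
		} else {
			fmt.Printf("%-45s accepted, trust anchor %q\n", c.name, anchor)
		}
	}
}
```

The first case is the usual cause of a failed SSL session after a server is set up: the server presents a self-signed certificate that the SSL client has never been given. The third case shows why a CA-signed certificate scales better across many SSL clients: each client key database needs only the CA certificate, not one entry per server.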

For more information about the components that can be an SSL client or SSL server, see Table 1.
Table 1. SSL clients and servers in a Tivoli Storage Manager environment

SSL client: Client
SSL server: Server
Description: The Tivoli Storage Manager client initiates a communication request with the Tivoli Storage Manager server. The server provides its certificate and the client verifies it.

SSL client: Server (such as a source server)
SSL server: Server (such as a target server)
Description: The Tivoli Storage Manager source server initiates a communication request with the Tivoli Storage Manager target server. The source server acts as the SSL client and verifies the certificate that the target server provides. This type of communication is common during replication processing.

SSL client: Client through a storage agent
SSL server: Server
Description: The client sends data through the Tivoli Storage Manager storage agent. When the storage agent communicates with the server by using the SSL communication protocol, the storage agent acts as the SSL client and verifies the certificate that the server provides. Toward the client, the storage agent is the SSL server that presents its own certificate. The storage agent can therefore be the SSL client and the SSL server at the same time.

SSL client: Server
SSL server: LDAP server
Description: The Tivoli Storage Manager server initiates a communication request with the LDAP server. The Tivoli Storage Manager server acts as the SSL client and verifies the certificate that the LDAP server provides.

SSL client: Operations Center
SSL server: Server
Description: The Operations Center initiates a communication request with the Tivoli Storage Manager server. The Operations Center acts as the SSL client and verifies the certificate that the Tivoli Storage Manager server provides.

SSL client: Reporting agent
SSL server: Server
Description: The Reporting agent initiates a communication request with the Tivoli Storage Manager server. The Reporting agent acts as the SSL client and verifies the certificate that the Tivoli Storage Manager server provides.