Encryption

The Storage Protect client can encrypt the data to be backed up before transferring it to the Storage Protect servers.

New Storage Protect clients automatically encrypt the transmission of data with TLS. For encrypted storage of backup data on the Storage Protect servers, the client configuration must be adjusted as described here.

Please note that restoring encrypted backup data is possible only with a key. Therefore, secure the key carefully, preferably in an external location.

In order to be able to use all encryption functions, please install the newest client version using the following link: http://www.scc.kit.edu/backupbw/

Possibilities for data encryption

Recommended methods

  • ENCRYPTKEY GENERATE:
    The client automatically generates an encrypted password and saves it on the server. The recoverability of encrypted data is thus maximized.

Not recommended methods

  • ENCRYPTKEY PROMPT:
    With this option you are asked for an encryption password for each file you want to back up. If the password is lost, you can no longer recover the data. Automatic backup is not possible with this option.
  • ENCRYPTKEY SAVE:
    The password for encryption is saved in encrypted form on the client after being entered locally. Automatic backup is possible with this option. Backed-up data cannot be restored if the file key is lost. Here it is strongly recommended to save the key externally.

Configuration of data encryption

Set the following options in dsm.opt (Windows) or dsm.sys (Unix):

encryptiontype aes256      Type of encryption standard
encryptkey generate        Password generation

Now you have to specify in the Include/Exclude list which file spaces or which files should be encrypted. Without this option no data will be encrypted!

Example: Windows

include.encrypt c:\demodir\...\*

all files including subdirectories in the directory c:\demodir are encrypted.

include.encrypt c:\demodir\*.docx

all Microsoft Word files in the directory c:\demodir are encrypted.

Example: Unix

include.encrypt /demodir/.../*

all files including subdirectories in the /demodir directory are encrypted.
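
The following check is an added example, not part of the original page or of the Storage Protect client: it reads a dsm.opt or dsm.sys file and reports which of the three settings described above are missing. Assumptions: options are written with their full names, lines starting with * are comments, and the include.encrypt rules are in the same file rather than in a separate include-exclude file; the function name and the sample contents are constructed.

```python
import sys

# Constructed sample: encryption options are set, but no include.encrypt rule exists.
SAMPLE_NO_RULE = """\
* constructed dsm.sys fragment
encryptiontype aes256
encryptkey generate
include /demodir/.../*
"""

# Constructed sample that adds the Unix rule from this page.
SAMPLE_OK = SAMPLE_NO_RULE + "include.encrypt /demodir/.../*\n"


def audit_encryption(text):
    """Return a list of findings; an empty list means all three settings are present."""
    opts, patterns = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):    # blank line or comment (assumption)
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()                 # compare option names case-insensitively
        value = parts[1].strip() if len(parts) > 1 else ""
        if name == "include.encrypt":
            patterns.append(value)
        elif name in ("encryptiontype", "encryptkey"):
            opts[name] = value.lower()          # a later line overrides an earlier one (assumption)
    findings = []
    if opts.get("encryptiontype") != "aes256":
        findings.append("encryptiontype is %r, expected aes256" % opts.get("encryptiontype"))
    if opts.get("encryptkey") != "generate":
        findings.append("encryptkey is %r, expected generate" % opts.get("encryptkey"))
    if not patterns:
        findings.append("no include.encrypt rule: no data will be encrypted")
    return findings


if __name__ == "__main__":
    # Usage: python audit_encryption.py /path/to/dsm.sys (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_NO_RULE
    for finding in audit_encryption(content) or ["encryption settings present"]:
        print(finding)
```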

For more information on encryption, please refer to the manual for your platform.

https://www.ibm.com/docs/en/storage-protect/8.1.19

