Difference between revisions of "Content Manager OnDemand Native Encryption"

m
Added section on CMOD encryption / decryption on retrieval.
m (Formatting change)
m (Added section on CMOD encryption / decryption on retrieval.)
 
Line 21: Line 21:
== OnDemand Native Encryption ==
== OnDemand Native Encryption ==
OnDemand protects data "at-rest" by encrypting it with AES-256-CBC at load time, and before it's written to the CMOD Cache Filesystem, or secondary storage like Tivoli Storage Manager / Spectrum Protect or cloud-based storage services.
OnDemand protects data "at-rest" by encrypting it with AES-256-CBC at load time, and before it's written to the CMOD Cache Filesystem, or secondary storage like Tivoli Storage Manager / Spectrum Protect or cloud-based storage services.
Encryption is transparent to all clients accessing CMOD servers - when a retrieval request is received from a client, the server accessed the encrypted file on disk, then decrypts it with the data encryption key, and optionally compresses it in anticipation of being sent back to the user.  At that point, if the client connection to the CMOD server is not encrypted, the data is vulnerable to interception or alteration.  However, if Content Manager OnDemand SSL support is configured, then the documents are protected by the SSL session key, and cannot be read or changed by a third party.


== CMOD SSL Encryption ==
== CMOD SSL Encryption ==
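Review bot: In the added retrieval paragraph, "the server accessed the encrypted file on disk" slips into past tense while the rest of the sentence is in present tense ("decrypts", "compresses"); change it to "accesses". The paragraph also uses "the data encryption key" without saying where that key is introduced, so a short pointer to wherever the page defines it would help. Finally, the closing statement that documents "cannot be read or changed by a third party" depends on SSL support being configured; consider linking it to the "CMOD SSL Encryption" section that follows rather than stating it as an absolute.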