Communication support modules for data transmission encryption

You can use the communication support modules (CSMs) to encrypt data transmissions, including distributed queries, over the network.

The encryption CSM (ENCCSM) provides network transmission encryption.

This option provides complete data encryption with a standard cryptography library, with many configurable options. A message authentication code (MAC) is transmitted as part of the encrypted data transmission to ensure data integrity. A MAC is an encrypted message digest.

CSMs have the following restrictions:

• You cannot use an encryption CSM and a simple password CSM simultaneously. For example, if you are using the simple password CSM, SPWDCSM, and decide to encrypt your network data, you must remove the entries for the SPWDCSM in your concsm.cfg and sqlhosts files.
• You cannot use either simple password CSM or encryption CSM over a multiplexed connection.
• Enterprise Replication and high-availability clusters (High-Availability Data Replication, remote stand-alone secondary servers, and shared disk secondary servers) support encryption, but cannot use a connection configured with a CSM. See Enterprise replication and high availability network data encryption for more information about this topic.
• Encrypted connections and unencrypted connections cannot be combined on the same port.