Managing encryption in transit and at rest in InfoPrint Manager for Windows

InfoPrint Manager encryption workflow

Encryption workflow

InfoPrint Manager Web Administration Interface (Web GUI), the pdpr command, InfoPrint Submit Express, the SAP client, and InfoPrint Select can send jobs to InfoPrint Manager using an encrypted channel. The other clients use plain communication; therefore, IPSec or other channel encryption mechanisms are recommended.

Once a job is received, InfoPrint Manager encrypts any data written to disk. The only exceptions are documents processed by Print Rules and Custom Steps, where the document is decrypted for third-party applications.

When jobs are printed, some output methods do not support encryption. Notable examples include the AIX printing system, CUPS, and the Windows print subsystem. To pass the document to native print systems, the data must be decrypted. PSF TCP/IP keeps the data encrypted on disk; however, the communication channel itself is not encrypted.

InfoPrint Manager encryption limitations and constraints

The following components do not have encryption in transit capabilities:

  • MVS Download Receiver
  • DPF Receiver
  • LPD Gateway
  • IPP Gateway
  • Hot Folders

The following components do not encrypt temporary data:

  • Receiving components:
    • MVS Download Receiver
    • DPF Receiver
    • LPD Gateway
    • IPP Gateway
    • Hot Folders
  • DSSs that generate unencrypted data:
    • Passthrough
    • BSD
    • PSF Other
    • PSF Command

Parent topic: Administrative Procedures: Configuring InfoPrint Manager