ADSM-L

Re: don´t aynone know anything about Encryption in TSM.

2002-04-03 10:08:42
Subject: Re: don´t aynone know anything about Encryption in TSM.
From: Justin Derrick <jderrick AT CANADA DOT COM>
Date: Wed, 3 Apr 2002 10:08:29 -0500
Um, why would you need the key?

Your question is a little too vague to answer properly.

The key is only needed for two steps: encryption, and decryption (i.e.,
backup, then restore).  Every other operation the TSM server does (store,
copy, move, collocate, expire) is done with the encrypted files.  The TSM
server doesn't care what the contents of the file are, it just moves the
files around according to the policies that have been defined.

Like I said previously -- this opens up the entire issue of a key
repository -- if a user misplaces, forgets, or the key files on the
individual's PC are destroyed, the data is *gone*.  How do you back up key
files when you don't trust your offsite storage to keep your data private?
(Possible answer:  back up your key files and send them to a different
storage company.)  But key management is another problem entirely.

-JD.
>Thank you all for your answers.
>
>But I just want to make one thing sure.
>
>I still need the Encryption key for the Backup Sets if I back up the client
>with Encryption?
>
>
>Kvedja/Regards
>Petur Eythorsson
>Taeknimadur/Technician
>IBM Certified Specialist - AIX
>Tivoli Storage Manager Certified Professional
>Microsoft Certified System Engineer
>
>peddi AT itn DOT is
>
> Nyherji Hf              Simi TEL: +354-569-7700
> Borgartun 37            105 Iceland
> URL:                    http://www.nyherji.is
>
>
>-----Original Message-----
>From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU]On Behalf Of
>Andrew Raibeck
>Sent: 2. apríl 2002 15:45
>To: ADSM-L AT VM.MARIST DOT EDU
>Subject: Re: don´t aynone know anything about Encryption in TSM.
>
>
>There is no additional encryption performed by the TSM server. The
>encrypted data sent by the client remains, of course, encrypted when it is
>copied to a copy storage pool or backup set (or anywhere else in the TSM
>hierarchy).
>
>Files that were encrypted when they were backed up can not be restored
>without the encryption key. The encryption key is not stored on the TSM
>server. Therefore, someone intercepting the TSM server database and
>storage pool volumes could not restore the data without the encryption key
>(unless they can hack it, but then any encryption scheme is subject to
>hacking).
>
>Except for TSM client encryption, there are no other TSM-enabled means of
>encrypting the data.
>
>Regards,
>
>Andy
>
>Andy Raibeck
>IBM Software Group
>Tivoli Storage Manager Client Development
>Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
>Internet e-mail: storman AT us.ibm DOT com
>
>The only dumb question is the one that goes unasked.
>The command line is your friend.
>"Good enough" is the enemy of excellence.
>
>
>
>
>Pétur Eyþórsson <peddi AT ITN DOT IS>
>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>04/02/2002 07:57
>Please respond to "ADSM: Dist Stor Manager"
>
>
>        To:     ADSM-L AT VM.MARIST DOT EDU
>        cc:
>        Subject:        RE: don´t aynone know anything about Encryption in
>TSM.
>
>
>
>My question was concerning 2 things.
>
>
>If you use Encryption, can't people who get a hold of the TSM Database and
>the Copy Storage Pools restore the data, whether the data was backed up
>with Encryption or not?
>
>If you make a backup set from the data backed up, is there Encryption on that
>data? If not, is it possible to make the backup sets more secure?
>
>
>I have read about Encryption, which says that the data is Encrypted before
>the data is sent to the TSM Server. I haven't read anything about
>Encryption on the actual TSM server data, whether the data uses encryption
>there or not. It does not matter if the data is Encrypted on the way to the
>TSM, it only matters if I can secure the data offsite? And I haven't read
>anything about that in TSM, only about Encryption in TSM for clients.
>
>
>Kvedja/Regards
>Petur Eythorsson
>Taeknimadur/Technician
>IBM Certified Specialist - AIX
>Tivoli Storage Manager Certified Professional
>Microsoft Certified System Engineer
>
>peddi AT itn DOT is
>
> Nyherji Hf              Simi TEL: +354-569-7700
> Borgartun 37            105 Iceland
> URL:                    http://www.nyherji.is
>
>
>-----Original Message-----
>From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU]On Behalf Of
>Martin, Jon R.
>Sent: 2. apríl 2002 14:36
>To: ADSM-L AT VM.MARIST DOT EDU
>Subject: Re: don´t aynone know anything about Encryption in TSM.
>
>
>In Petur's defense, I think he is trying to say he could not find anywhere
>that specifically said "data in a Seq. Access Storage Pool, that goes
>offsite will be encrypted."  I can't see where he says he read a document
>that says it is not encrypted.
>
>Jon
>
>-----Original Message-----
>From: Jack Magill [mailto:tivoli.instructor AT COX DOT NET]
>Sent: Tuesday, April 02, 2002 9:10 AM
>To: ADSM-L AT VM.MARIST DOT EDU
>Subject: Re: don´t aynone know anything about Encryption in TSM.
>
>
>Hi, I was just wondering where you found the information stating that the
>data was only protected on the way to the server, but not on the server.
>Encryption is done by the client using an encryption key that it creates, and
>since the key is never passed from client to server, there is no way for
>the server to decrypt the data before storage.
>
>Please let me know, as I would like to look at the documentation.
>
>Jack
>>
>> From: Pétur Eyþórsson <peddi AT ITN DOT IS>
>> Date: 2002/04/02 Tue AM 07:04:45 EST
>> To: ADSM-L AT VM.MARIST DOT EDU
>> Subject: don´t aynone know anything about Encryption in TSM.
>>
>> Hi, I have posted this 2 times before here but haven't received a reply
>> yet. This led me to believe that knowledge on this is very limited.
>>
>> I have a big customer who is considering TSM for their backup system.
>> However, they will be needing to take some of their backup offsite.
>> They have extremely valuable data which may not get in the wrong hands.
>>
>> I have been reading up on Encryption in TSM and found it to be only
>> designed to protect the data on the way
>> to the TSM server. I found no info on whether the data would be
>> Encrypted in the storage pools.
>>
>> My question.
>>
>> Is it possible to make a Backupset, and be sure no-one can use it if it
>> gets in the wrong hands (encrypt it somehow)?
>> How can an administrator be sure that no-one can restore his
>> copy-storage-pools? Is it possible to encrypt the data somehow?
>> Is it possible to password protect the TSM Database, so that you can't
>> restore it without a password?
>>
>>
>> What way can they take offsite backup and be sure that their data is
>> safe, even if the bad guys get the tapes?
>>
>> Thanks in advance for any help.
>>
>> Kvedja/Regards
>> Petur Eythorsson
>> Taeknimadur/Technician
>> IBM Certified Specialist - AIX
>> Tivoli Storage Manager Certified Professional
>> Microsoft Certified System Engineer
>>
>> peddi AT itn DOT is
>>
>>  Nyherji Hf              Simi TEL: +354-569-7700
>>  Borgartun 37            105 Iceland
>>  URL:                    http://www.nyherji.is
>>