Encryption - logging
2006-08-16 08:47:00
Hi,
I got one odd request today..
TSM client 5.3.4.0/w2k3.
Server 5.3.2.1/AIX
If I encypt my backups the password is either saved in the registry or
supplied from an operator during backup.
And if I want to restict the possibilities for users to do restores
without knowing the encryption password I cant save it in the registry,
can I?
If I save the encryption password in registry I can monitor restores on
my TSM server, right?
So, if I start a restore locally on my PC, dsmc -virtualnodename=XYZ
-tcps=TSM and use my admin ID/PW as login credentials.
And, restore \\XYZ\c$\cmdcons\* c:\temp\test\ -subdir=y
On TSM server
tsm: >q act begint=14:15 s=XYZ
16-08-2006 14:16:17 ANR0406I Session 563702 started for node XYZ
(WinNT)
(Tcp/Ip pc-391662.client.statoil.net(2251)).
(SESSION:
563702)
tsm: >q restore f=d
Sess Restore Elapsed Node Name
Filespace FSID File Spec
Number State Minutes
Name
------ ----------- ------- -------------------------
----------- ---------- ----------------------------------------
563,70 Active 2 XYZ
\\XYZ\c$ 1 \CMDCONS\**
Other queries like q act with s=restore, XYZ, my ID or Tcp/Ip doesnt
give me anything. I miss a couple of things that should be logged...
So my questions are:
Is the possible to do automated encrypted backups but limit the restore
functionality to thoose who knows encryption password?
How do I monitor restores on the TSM server in good way. Since the above
is not sufficient? (Accounting records??)
Thanks
Henrik
-------------------------------------------------------------------
The information contained in this message may be CONFIDENTIAL and is
intended for the addressee only. Any unauthorised use, dissemination of the
information or copying of this message is prohibited. If you are not the
addressee, please notify the sender immediately by return e-mail and delete
this message.
Thank you.
|
|
|