I have a customer that requires all data to be encrypted. We started with the 
file servers and that was easy enough. I just made sure to add the 
encryptiontype and include.encrpyt entries to the dsm.opt file. I then backed 
up a file and was promted for the key. We typed the key and everything is 
encrypted.  Having to type this key for every server is a real pain and it 
eliminates the possibilty of completly automating the install.
   
  Then we started working with encryption for the TDP for SQL.  I see that it 
uses the option enableclientencryptkey which actually generates a key 
automatically and stores it on the TSM server. It also looks like that is a 
function of the API. So, why in the heck can't I do the same thing with the 
real BA Client.  I'd like it to just automatically generate a key as well.  
Then we can automate all the installs, never have to type a key and the data 
will also be encrypted.
   
  Unless I'm missing something and you can use that option with the BA Client 
but there is zero mention of enableclientencryptkey in any of the BA client 
manuals.
   
  Now, I added the option to the BAClient dsm.opt. It started without erroring. 
I ran q opt and it shows that it is set.  From other reading I this is there 
for the VSS backup capabilities.  Anyway, even with the option set in that 
dsm.opt file I still am prompted to provide a key.
   
  Kyle

                
---------------------------------
Do you Yahoo!?
 Get on board. You're invited to try the new Yahoo! Mail.