ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] TSM has built-in encryption?

2008-03-07 17:18:12
Subject: Re: [ADSM-L] TSM has built-in encryption?
From: Michael Stempf <junkmailformike AT GMAIL DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 7 Mar 2008 16:02:43 -0600 
I believe TSM can only encrypt up to AES 128 & DES 56, I do not believe it
has been updated to support AES 256.
Michael


On Thu, Mar 6, 2008 at 10:03 AM, Wanda Prather <wprather AT jasi DOT com> wrote:

> The TSM clients (including TDP's) can encrypt at AES 256.  You take a hit
> on
> performance for both backup and restore; you need to also turn on
> compression on the client, as encrypted data can't be compressed by the
> tape
> drive.
>
> If you want to encrypt using the backup client, I STRONGLY recommend you
> upgrade to 5.5, where the TSM server manages the keys for you.  Prior to
> that level, you have to maintain the keys manually; if you lose the keys
> and
> have to go to a DR site, you won't get your data back.  At 5.5, the keys
> are
> generated randomly and maintained in the TSM data base.  (The TDP's have
> the
> keys managed by the TSM data base starting at 5.3; for regular clients,
> that
> feature starts at 5.5).
>
> A better/cleaner method is encrypting outboard in the hardware.  Look into
> upgrading your drives to LTO4; then (with an additional feature code on
> your
> 3584) you can do the encryption outboard, with no performance hit.  TSM
> can
> still maintain the keys for you, if you want, or you can use an external
> key
> manager that IBM provides.
>
> Whether or not you can encrypt data that goes to your VTL outboard depends
> on your VTL vendor.
>
>
> On 3/6/08, Bell, Charles (Chip) <Chip.Bell AT bhsala DOT com> wrote:
> >
> > I am wondering what level of encryption TSM has as an application, if at
> > all.
> >
> >
> >
> >
> > We are running v5.4.2.0 on the server.
> >
> > We have a 3584 with LTO1 and LTO2, with copies of both going offsite to
> > Iron
> > Mountain.
> >
> > We have a VTL emulating 3592 for onsite use.
> >
> >
> >
> > God bless you!!!
> >
> > Chip Bell
> > Network Engineer I
> > IBM Tivoli Certified Deployment Professional
> > Baptist Health System
> > Birmingham, AL
> >
> >
> >
> >
> >
> >
> > -----------------------------------------
> > Confidentiality Notice:
> > The information contained in this email message is privileged and
> > confidential information and intended only for the use of the
> > individual or entity named in the address. If you are not the
> > intended recipient, you are hereby notified that any dissemination,
> > distribution, or copying of this information is strictly
> > prohibited. If you received this information in error, please
> > notify the sender and delete this information from your computer
> > and retain no copies of any of this information.
> >
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] TSM and Parallels Virtuozzo Containers?, Jim Zajkowski
Next by Date:  Re: [ADSM-L] TSM has built-in encryption?, Wanda Prather
Previous by Thread:  Re: [ADSM-L] TSM has built-in encryption?, Wanda Prather
Next by Thread:  Re: [ADSM-L] TSM has built-in encryption?, Wanda Prather
Indexes:  [Date] [Thread] [Top] [All Lists]