ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] TSM has built-in encryption?

2008-03-07 17:34:47
Subject: Re: [ADSM-L] TSM has built-in encryption?
From: Wanda Prather <wprather AT JASI DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 7 Mar 2008 17:34:03 -0500 
You are of course correct.  It is AES 128.
My apologies!

W


On 3/7/08, Michael Stempf <junkmailformike AT gmail DOT com> wrote:
>
> I believe TSM can only encrypt up to AES 128 & DES 56, I do not believe it
> has been updated to support AES 256.
> Michael
>
>
> On Thu, Mar 6, 2008 at 10:03 AM, Wanda Prather <wprather AT jasi DOT com> 
> wrote:
>
> > The TSM clients (including TDP's) can encrypt at AES 256.  You take a
> hit
> > on
> > performance for both backup and restore; you need to also turn on
> > compression on the client, as encrypted data can't be compressed by the
> > tape
> > drive.
> >
> > If you want to encrypt using the backup client, I STRONGLY recommend you
> > upgrade to 5.5, where the TSM server manages the keys for you.  Prior to
> > that level, you have to maintain the keys manually; if you lose the keys
> > and
> > have to go to a DR site, you won't get your data back.  At 5.5, the keys
> > are
> > generated randomly and maintained in the TSM data base.  (The TDP's have
> > the
> > keys managed by the TSM data base starting at 5.3; for regular clients,
> > that
> > feature starts at 5.5).
> >
> > A better/cleaner method is encrypting outboard in the hardware.  Look
> into
> > upgrading your drives to LTO4; then (with an additional feature code on
> > your
> > 3584) you can do the encryption outboard, with no performance hit.  TSM
> > can
> > still maintain the keys for you, if you want, or you can use an external
> > key
> > manager that IBM provides.
> >
> > Whether or not you can encrypt data that goes to your VTL outboard
> depends
> > on your VTL vendor.
> >
> >
> > On 3/6/08, Bell, Charles (Chip) <Chip.Bell AT bhsala DOT com> wrote:
> > >
> > > I am wondering what level of encryption TSM has as an application, if
> at
> > > all.
> > >
> > >
> > >
> > >
> > > We are running v5.4.2.0 on the server.
> > >
> > > We have a 3584 with LTO1 and LTO2, with copies of both going offsite
> to
> > > Iron
> > > Mountain.
> > >
> > > We have a VTL emulating 3592 for onsite use.
> > >
> > >
> > >
> > > God bless you!!!
> > >
> > > Chip Bell
> > > Network Engineer I
> > > IBM Tivoli Certified Deployment Professional
> > > Baptist Health System
> > > Birmingham, AL
> > >
> > >
> > >
> > >
> > >
> > >
> > > -----------------------------------------
> > > Confidentiality Notice:
> > > The information contained in this email message is privileged and
> > > confidential information and intended only for the use of the
> > > individual or entity named in the address. If you are not the
> > > intended recipient, you are hereby notified that any dissemination,
> > > distribution, or copying of this information is strictly
> > > prohibited. If you received this information in error, please
> > > notify the sender and delete this information from your computer
> > > and retain no copies of any of this information.
> > >
> >
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] TSM has built-in encryption?, Michael Stempf
Next by Date:  [ADSM-L] TDPSql emergency restore questions, Gill, Geoffrey L.
Previous by Thread:  Re: [ADSM-L] TSM has built-in encryption?, Michael Stempf
Next by Thread:  Re: [ADSM-L] TSM has built-in encryption?, Hans Christian Riksheim
Indexes:  [Date] [Thread] [Top] [All Lists]