ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Encryption in TSM ??

2008-12-03 12:26:27
Subject: Re: [ADSM-L] Encryption in TSM ??
From: Bill Boyer <bjdboyer AT COMCAST DOT NET>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 3 Dec 2008 12:24:34 -0500 
Once you've installed the key manager application (IBM's) and created the
key store, that never changes. There are procedures for "cloning" the entire
key manager installation..put it on a 2nd box in a different location. At
least the TS3310 lets you put in 2 IPaddresses/ports for the key managers.
You can also then take that whole directory where the key manager is
installed, ZIP it up and store it on some secure USB memory device(s) and
keep them as part of your D/R kit offsite. The key store does not store the
encryption keys for each tape. Just as many keys as you configured during
the install. This is just 1 part that is used to build the actual encryption
key for the tape. For un-encrypting the tape, the library just verifies that
key with the key manager to ensure it's still valid.

So once you've done the install and configuration, the keystore is static.

Bill Boyer
DSS, inc.

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Chris Koster
Sent: Wednesday, December 03, 2008 10:39 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Encryption in TSM ??

Well, TSM does support encryption and works well as its own key manager.
However, this does not encrypt the TSM database. For this, you will need
an external key manager to encrypt database tapes. Of course, this
starts the whole discussion of then how do you backup the key manager
that's encrypting the backup server. So do you setup a 2nd backup
instance to backup the key manager which is encrypting the backups? And
so on and so on ...

If you want my advice, let TSM encrypt all your storage pool volumes and
send off the TSM database unencrypted via 2nd pickup with courier of
your choice. For the ultra-secure-sensitive type, select a second
courier service all together solely for database tapes.

- Chris


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Martin Panggabean
Sent: Wednesday, December 03, 2008 4:08 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Encryption in TSM ??

Dear TSM practitioner,

I want to ask what is best practice Encrytion in TSM ? I have plann to
encrypt every database backup using TSM, how many percent it would
effect the performance comparing backup not using encryption?

--
Best Regards,


Martin Panggabean
Technical Consultant
PT. Niaga Prima Paramitra
Ahmad Dahlan Avenue 25
Kebayoran Baru, Jakarta Selatan 12130
Indonesia
Ph     : +(6221)72799949
URL    : www.niagaprima.com
E-mail : martin.panggabean AT niagaprma DOT com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] multiple dsmcad's on windows ?, Howard Coles
Next by Date:  Re: [ADSM-L] multiple dsmcad's on windows ?, goc
Previous by Thread:  Re: [ADSM-L] Encryption in TSM ??, Mark Stapleton
Next by Thread:  [ADSM-L] Error running DB2 backups using TSM, Lori Grimaldi
Indexes:  [Date] [Thread] [Top] [All Lists]