ADSM-L

[ADSM-L] AW: [ADSM-L] Move Encryption Key to another machine

2009-01-23 03:01:17
Subject: [ADSM-L] AW: [ADSM-L] Move Encryption Key to another machine
From: Thomas Rupp <Thomas.Rupp AT ILLWERKE DOT AT>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 23 Jan 2009 09:00:21 +0100
Sorry, that was missing from my posting.
Our admin used regedit export/import to move the TSM registry keys to another machine.
Keys moved:
HKEY_LOCAL_MACHINE\SOFTWARE\IBM\ADSM\CurrentVersion\Nodes\<nodename>\<tsmserver>

This is how I think TSM works:
The encryption key is encrypted using the hostname returned by the operating system.
Then the encryption key is saved in the registry.
To back up or restore data, TSM needs to decrypt the encryption key using the hostname returned by the operating system.
That's why I think you can't move the encrypted key to another machine. TSM would use the hostname returned by the operating system (this is not the same as on the original machine) to decrypt the encryption key. Here TSM would return an error because the decryption fails.

But when we moved the registry keys to another machine (different hostname) TSM didn't ask for the encryption key. In our opinion this is a security flaw.
We want to use encryption so that data can only be restored to the original machine (= hostname).

I hope I could make myself clear. Please excuse my bad English, but unfortunately I'm not a native speaker.

Thanks 
Thomas Rupp


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of Wanda Prather
Sent: Friday, 23 January 2009 02:17
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Move Encryption Key to another machine


I'm confused;  TSM doesn't support restoring system state to a different
hostname, so I don't know what would be considered "working as designed" in
that case!

How are you moving the registry?
