ADSM-L

Re: [ADSM-L] Can a TSM server admin purloin client backups?

2011-10-25 17:19:50
Subject: Re: [ADSM-L] Can a TSM server admin purloin client backups?
From: "Ochs, Duane" <Duane.Ochs AT QG DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 25 Oct 2011 15:43:37 -0500
I guess that depends on the privs the TSM admin has to your servers. 

In my environment as the Senior TSM admin I have admin privs or root access to 
all the machines being backed up.
Which means I could in theory restore data to any server I wanted... however I 
could also copy data from one machine to another, in theory.

For other admins, in our environment, that do not have admin privs, they don't 
have access to log into machines to configure a restore from another machine.

FYI: TSM admins could also change the password to a client machine to restore 
data anywhere, if they wanted.



-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Hart, Charles A
Sent: Tuesday, October 25, 2011 3:22 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Can a TSM server admin purloin client backups?

Nothing, it's a policy challenge if they have TSM Sys Admin rights.  Kind
of like a Cop that sells evidence or takes a bribe, a priest that
protects the young ... at some point you have to trust your admin or
fire them.  In my exp a node pw can be overridden with a Sys admin user
and pw.

Maybe I oversimplified the situation.



-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Keith Arbogast
Sent: Tuesday, October 25, 2011 3:07 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Can a TSM server admin purloin client backups?

This question came up again here. If a TSM admin with system
authorization knows the client password for a certain TSM node, what
keeps him from restoring files from that node to another server of his
choosing?

Sorry to resuscitate this old horse.

With many thanks,
Keith  

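
Added example, not part of the original thread and not IBM's code: since the replies agree that an admin with system authority can reset a node password and restore elsewhere, the practical control is review of the server activity log. The sketch below flags a node session from a never-before-seen address shortly after an admin reset that node's password. The log layout (timestamp prefix, ANR2017I and ANR0406I message text), the node and admin names, and the function name are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines, not taken from the thread. The layout is an
# assumption modelled on ANR2017I (admin command) and ANR0406I (session start).
SAMPLE_LOG = """\
2011-10-24 02:00:05 ANR0406I Session 811 started for node FILESRV1 (WinNT) (Tcp/Ip 10.0.0.15(1042)).
2011-10-24 02:10:41 ANR0406I Session 812 started for node DBSRV2 (AIX) (Tcp/Ip 10.0.0.22(3301)).
2011-10-25 14:02:10 ANR2017I Administrator JDOE issued command: UPDATE NODE FILESRV1 ?***?
2011-10-25 14:05:33 ANR0406I Session 990 started for node FILESRV1 (WinNT) (Tcp/Ip 10.0.9.77(2210)).
2011-10-25 14:30:00 ANR2017I Administrator JDOE issued command: UPDATE NODE DBSRV2 CONTACT=ops
2011-10-26 02:10:40 ANR0406I Session 1033 started for node DBSRV2 (AIX) (Tcp/Ip 10.0.0.22(3350)).
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
# UPDATE NODE <name> <positional arg>: a positional (non key=value) argument is the new password.
RESET = re.compile(TS + r"ANR2017I Administrator (\S+) issued command: UPDATE NODE (\S+) (?!\S+=)\S+", re.I)
SESSION = re.compile(TS + r"ANR0406I Session (\d+) started for node (\S+) \(\S+\) \(Tcp/Ip ([^()\s]+)\(")

def find_suspect_sessions(log_text, window=timedelta(hours=24)):
    """Flag node sessions from a never-before-seen address soon after an admin password reset."""
    seen = {}      # node -> set of addresses already used by that node
    resets = {}    # node -> (time, admin) of the latest password reset
    findings = []
    for line in log_text.splitlines():
        if m := RESET.search(line):
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            resets[m.group(3).upper()] = (when, m.group(2))
        elif m := SESSION.search(line):
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            node, addr = m.group(3).upper(), m.group(4)
            known = seen.setdefault(node, set())
            reset = resets.get(node)
            # Needs a baseline address, a new address, and a recent reset for this node.
            if known and addr not in known and reset and when - reset[0] <= window:
                findings.append({"node": node, "admin": reset[1],
                                 "session": int(m.group(2)), "address": addr})
            known.add(addr)
    return findings

if __name__ == "__main__":
    for finding in find_suspect_sessions(SAMPLE_LOG):
        print(finding)
```

The check is only useful if the activity log is shipped somewhere the TSM admins cannot alter it, which matches the point made in the replies that this is ultimately a policy and trust problem.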