ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] TDP for SAP issue

2015-12-10 08:34:43
Subject: Re: [ADSM-L] TDP for SAP issue
From: Martin Janosik <martin.janosik AT CZ.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 10 Dec 2015 14:31:44 +0100 
Hello Eric,

if you start dsmc and look up help for 'encryptiontype' parameter, will
find exactly this info which state AES128 is default value.

Syntax

                   .-AES128-.
>>-ENCRYPTIONType--+--------+----------------------------------><
                   '-DES56--'

Parameters

AES128
   AES 128-bit data encryption. AES 128-bit data encryption provides a
   stronger form of data encryption than DES 56-bit data encryption.
   This is the default.

DES56
   DES 56-bit data encryption.

Hope that helps

Martin J.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/10/2015
11:28:27 AM:

> From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> To: ADSM-L AT VM.MARIST DOT EDU
> Date: 12/10/2015 11:29 AM
> Subject: Re: [ADSM-L] TDP for SAP issue
> Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>
> Hi Martin!
> You stated " By default AES128 encryption library is attempted". Is
> that true? By default there is no ENCRYPTIONTYPE parameter in the
> dsm.sys which means no encryption at all.
> Kind regards,
> Eric van Loon
> AF/KLM Storage Engineering
>
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On
> Behalf Of Martin Janosik
> Sent: donderdag 10 december 2015 10:46
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: TDP for SAP issue
>
> Hi Eric,
>
> during API initialization some libraries are loaded even if they are
> not used at all - ie ssl libraries can be loaded even though SSL is
> not used for client-server connection. This same applies also to
> encryption libraries. By default AES128 encryption library is attempted.
> But some older TDP applications are not happy if it tries to load
> AES128 encryption library that was installed as part of newer TSM
> API. In this case you need to fallback to DES56 encryption library
> (even if you do not intent to use them).
>
> Bye
>
> Martin J.
>
> "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/10/2015
> 09:05:05 AM:
>
> > From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> > To: ADSM-L AT VM.MARIST DOT EDU
> > Date: 12/10/2015 09:06 AM
> > Subject: Re: [ADSM-L] TDP for SAP issue Sent by: "ADSM: Dist Stor
> > Manager" <ADSM-L AT VM.MARIST DOT EDU>
> >
> > Hi Martin!
> > Like I specified in my mail, I do not want to use encryption at all!
> > Encryption is killing for deduplication. But it's a bug that the TDP
> > 6.2 client requires encryption to be switched on before it's working
> > with the 7.1 API...
> > Kind regards,
> > Eric van Loon
> > AF/KLM Storage Engineering
> >
> > -----Original Message-----
> > From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> > Of Martin Janosik
> > Sent: woensdag 9 december 2015 16:59
> > To: ADSM-L AT VM.MARIST DOT EDU
> > Subject: Re: TDP for SAP issue
> >
> > Hello,
> >
> > by specifying 'ENCRYPTIONType DES56' in dsm.sys stanza you are just
> > overwriting default value that is 'ENCRYPTIONType AES128'.
> > If you want to enable encryption for your customer's backup, you need
> > to specify it explicitly - via 'include.encrypt /.../*' in your
> > include/exclude list or client option set.
> > Have a look on
> > http://www-304.ibm.com/support/knowledgecenter/SSGSG7_7.1.0/
> > com.ibm.itsm.client.develop.doc/c_encryp_transp.html
> >
> >
> > Martin J.
> >
> > "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/09/2015
> > 03:00:36 PM:
> >
> > > From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> > > To: ADSM-L AT VM.MARIST DOT EDU
> > > Date: 12/09/2015 03:02 PM
> > > Subject: [ADSM-L] TDP for SAP issue
> > > Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
> > >
> > > Hi guys!
> > > One of my customers has an issue on his TDP for SAP clients. They
> > > are using TDP for SAP 6.2 and recently we upgraded all TSM clients to
7.1.
> > > This caused the TDP clients to fail with the following error:
> > >
> > > ANS1463E (RC5801) Unexpected error in cryptography library.
> > >
> > > In the API error log:
> > >
> > > 11/02/15 14:27:04 ANS1467E ICC routine ICC_SetValue
> > > (ICC_FIPS_APPROVED_MODE) returned: majRC = 2, minRC = 2, desc =
> > > 'Invalid data value: icclib.c:921'.
> > >
> > > We do not use any encryption, but as soon as the customer adds the
> > > line ENCRYPTIONTYPE DES56 to the dsm.sys, the backup works! So
> > > that's what he did, but now I have an issue, because encryption is
> > > killing for the deduplication on the backend Data Domain...
> > > IBM won't help me with this bug because TDP for SAP 6.2 is out of
> > > support. The customer does not want to upgrade to TDP for SAP 7.1.3
> > > yet because they need to validate this version first.
> > > I could downgrade the BA/API client to 6.2, but then I have to force
> > > a full back up again for the BA client, because restoring 7.1 data
> > > with a 6.2 client will most likely not work. So I was hoping to find
> > > some work-around. Is it maybe possible to somehow install the 6.2
> > > API next to the 7.1 API? In that case I need to figure out how to
> > > make the TDP client use this API version only...
> > > Thank you very much for any help in advance!
> > > Kind regards,
> > > Eric van Loon
> > > AF/KLM Storage Engineering
> > >
> > > ********************************************************
> > > For information, services and offers, please visit our web site:
> > > http://www.klm.com. This e-mail and any attachment may contain
> > > confidential and privileged material intended for the addressee only.
> > > If you are not the addressee, you are notified that no part of the
> > > e-mail or any attachment may be disclosed, copied or distributed,
> > > and that any other action related to this e-mail or attachment is
> > > strictly prohibited, and may be unlawful. If you have received this
> > > e-mail by error, please notify the sender immediately by return
> > > e-mail, and delete this message.
> > >
> > > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/
> > > or its employees shall not be liable for the incorrect or incomplete
> > > transmission of this e-mail or any attachments, nor responsible for
> > > any delay in receipt.
> > > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal
> > > Dutch Airlines) is registered in Amstelveen, The Netherlands, with
> > > registered number 33014286
> > > ********************************************************
> > >
> > ********************************************************
> > For information, services and offers, please visit our web site:
> > http://www.klm.com. This e-mail and any attachment may contain
> > confidential and privileged material intended for the addressee only.
> > If you are not the addressee, you are notified that no part of the
> > e-mail or any attachment may be disclosed, copied or distributed, and
> > that any other action related to this e-mail or attachment is strictly
> > prohibited, and may be unlawful. If you have received this e-mail by
> > error, please notify the sender immediately by return e-mail, and
> > delete this message.
> >
> > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/ or
> > its employees shall not be liable for the incorrect or incomplete
> > transmission of this e-mail or any attachments, nor responsible for
> > any delay in receipt.
> > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal
> > Dutch Airlines) is registered in Amstelveen, The Netherlands, with
> > registered number 33014286
> > ********************************************************
> >
> >
> ********************************************************
> For information, services and offers, please visit our web site:
> http://www.klm.com. This e-mail and any attachment may contain
> confidential and privileged material intended for the addressee
> only. If you are not the addressee, you are notified that no part of
> the e-mail or any attachment may be disclosed, copied or
> distributed, and that any other action related to this e-mail or
> attachment is strictly prohibited, and may be unlawful. If you have
> received this e-mail by error, please notify the sender immediately
> by return e-mail, and delete this message.
>
> Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/
> or its employees shall not be liable for the incorrect or incomplete
> transmission of this e-mail or any attachments, nor responsible for
> any delay in receipt.
> Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal
> Dutch Airlines) is registered in Amstelveen, The Netherlands, with
> registered number 33014286
> ********************************************************
>
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] TDP for SAP issue, Loon, EJ van (ITOPT3) - KLM
Next by Date:  Re: [ADSM-L] TSM troubles, Matthew McGeary
Previous by Thread:  Re: [ADSM-L] TDP for SAP issue, Loon, EJ van (ITOPT3) - KLM
Next by Thread:  Re: [ADSM-L] TDP for SAP issue, Loon, EJ van (ITOPT3) - KLM
Indexes:  [Date] [Thread] [Top] [All Lists]