Re: don´t aynone know anything about Encryption in TSM.
2002-04-04 00:30:17
Subject: |
Re: don´t aynone know anything about Encryption in TSM. |
From: |
Andrew Raibeck <storman AT US.IBM DOT COM> |
Date: |
Wed, 3 Apr 2002 23:28:54 -0500 |
>> What could a customer do for DR of a client which lost it's encryption key
and needed to restore data from the TSM backup (encrypted). <<
Start guessing, I suppose. Other than that, they would be out of luck.
Like I said below:
"someone intercepting the TSM server database and storage pool volumes
could not restore the data without the encryption key (unless they can
hack it, but then any encryption scheme is subject to hacking)."
While that was presumably in the context of someone illegitimately trying
to access the data, that isn't really pertinent. No matter who is trying
to access the data, legitimate or now, they won't be able to get the data
without the encryption key. There is nothing we at IBM can do to get the
data back, as we build no "back doors" into the product (if we did, that
would be a potential security issue).
Someone else made a post on this topic and mentioned something about
encryption key management. I am not familiar with the formalities of this
discipline, but it seems to me that if you are going to start encrypting
your TSM data, you should consider implementing policies for managing
encryption keys.
Regards,
Andy
Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com
The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.
"Joshua S. Bassi" <jbassi AT IHWY DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
04/03/2002 16:28
Please respond to "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: RE: don´t aynone know anything about Encryption in TSM.
Andy,
What could a customer do for DR of a client which lost it's encryption
key and needed to restore data from the TSM backup (encrypted).
--
Joshua S. Bassi
Joshua S. Bassi
Sr. Solutions Architect @ rs-unix.com
IBM Certified - AIX/HACMP, SAN, Shark
Tivoli Certified Consultant- ADSM/TSM
Cell (415) 215-0326
|
|
|