|
Re: TDP's and Encryption and 5.3, Oh My....
2005-07-21 15:01:45
Hi Wanda,
You can do it if you are using the TSM API at the 5.3 level.
There are IBM knowledge base documents being written as we speak
that explains this.. here is a sneak peak:
=============================================================
Transparent encryption is only available on Tivoli Storage Manager server
Version 5.3.0 (or later). The Tivoli Storage Manager API
enableclientencryptkey option provides 128-bit transparent encryption of
SQL databases during Data Protection for SQL backup and restore
processing. One random encryption key is generated per session and is
stored on the Tivoli Storage Manager server with the object in the server
database. Although Tivoli Storage Manager manages the key, a valid
database must be available in order to restore an encrypted object.
You can encrypt your SQL databases during Data Protection for SQL backup
and restore processing by specifying enableclientencryptkey yes in the
client options file (dsm.opt) that is used by Data Protection for SQL. By
default, this file is located in the Data Protection for SQL installation
directory. In this same file, you must specify the databases you want
encrypted by adding an include statement with the include.encrypt option.
Perform the following tasks to encrypt your SQL databases:
1. Verify that you are running version 5.3.0 (or later) of the Tivoli
Storage Manager server and Tivoli Storage Manager API.
2. Edit the DSM.OPT file for the Data Protection client and add this
entry:
ENABLECLIENTENCRYPTKEY YES
3. Edit the DSM.OPT file for the Data Protection client and add your
include statements. For example:
To encrypt all SQL backup data, specify the following:
include.encrypt \...\*
To encrypt a specific SQL database named Db1, specify the following:
include.encrypt "\... \Db1\...\*"
=============================================================
Thanks,
Del
----------------------------------------------------
"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 07/21/2005
02:36:12 PM:
> OK, I'll admit it, I read the TSM 5.3 announcement doc and I don't
> understand it. t says:
> ------------------------------------------------------------
> The encryption available for backup-archive data with
> Tivoli Storage Manager is upgraded from 56-bit DES to
> 128-bit Advanced Encryption Standard (AES). Encryption
> is now also available for applications using the Tivoli
> Storage Manager API, which includes the Tivoli Storage
> Manager Data Protection Clients for applications and
> databases. New support for automatic key management
> can help enable use of encryption with API applications,
> often without any changes to the applications.
> ....
> The Tivoli Storage Manager V5.3 API and the Tivoli
> Storage Manager V5.3 server are required to exploit data
> encryption for the Data Protection components.
> ------------------------------------------------------------------------
> ---
> So, that implies that you CAN expoit data encryption for the Data
> Protection components, but I can't find any doc on how.
>
> -I know that you can turn on 128 bit encryption with a TSM 5.3 Windows
> or *IX client and a TSM 5.3 server.
> -I THINK you can turn on 128 bit encryption with a TSM 5.3 Windows or
> *IX client and a TSM 5.2.2 server (can anybody comment on that?).
> -I don't see any doc that says how to turn on encryption for the Data
> Protection component for Oracle or MSSQL. I've looked at the API doc
> that has the encryption SUPPORT, but don't see anything that says the
> TDP's are actually using it.
>
> SO, is this announcement just a "statement of direction", or what? Or
> will there be encryption support in the TDP's for 5.3, whenever they
> arrive? Somebody kindly point me to the right doc?
>
> Thanks
|
|
|
