ADSM-L

Re: tape encryption and TSM

2006-01-16 12:19:33
Subject: Re: tape encryption and TSM
From: "Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 16 Jan 2006 12:19:14 -0500
You can turn on compression in the TSM clients (at TSM 5.3 clients you
can use AES128 encryption, and with the TSM 5.3 server you can turn on
encryption for TDP clients).  But you must be VERY VERY CAREFUL with key
management; if you lose the keys, you're toast and will NEVER get the
data back.  TSM client encryption is VERY easy to implement.  Key
management is hard.

Or, you can do the encryption in hardware:
You can put encryption devices in your network, so that all the data is
encrypted BEFORE it reaches the TSM server.
Or you can put an encryption device between your TSM server and your
tape drives.
Hardware is probably more expensive to implement, but IMHO easier to
manage since your encryption occurs at ONE point.

Those are your choices.  All are difficult, expensive (in terms of
people time or $ or both), and ugly to manage.

Wanda Prather
"I/O, I/O, It's all about I/O"  -(me)





-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Murray, Jim
Sent: Friday, January 13, 2006 8:30 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: tape encryption and TSM


I would be more interested in the answer not so much as recovery of data
but in securing data.  Being a financial institution we have regulatory
requirements for data protection, new State laws say I must encrypt all
data on tape that is moved off site. 


Jim Murray
Senior Systems Engineer
Liberty Bank
860.638.2919
jmurray AT liberty-bank DOT com
~~~~~~ _/) ~~~~~~~~~~

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Aaron Becar
Sent: Thursday, January 12, 2006 8:00 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: tape encryption and TSM

Unless you are willing to spend $500 an hour and send your tapes to
Dallas, at a rate of I believe it was 8MB an hour they can rebuild your
database.  Then you can get data off your tape.  So, yea it is pretty
difficult.  Just don't lose your encryption keys!  Then you should be
okay!  Wish I had a better answer!

>>> GEOFFREY.L.GILL AT SAIC DOT COM 1/12/2006 2:24:58 PM >>>
I know the topic of reading tapes written by TSM without having the DB
has come up before, but I'm wondering if anything has changed from a
couple of years ago with the implementation of 5.3 so here are a few
questions.



How hard is it to read tapes without the TSM database tape?



Is there any tape encryption with TSM 5.3?



Besides encrypting data from the client to the server is there anything
else that can be done?



What type of hit does encryption take on the client/server when in use?



Thanks,



Geoff Gill

TSM Administrator

SAIC M/S-G1b

(858)826-4062

Email: geoffrey.l.gill AT saic DOT com

