ADSM-L

Re: Encryption - logging

2006-08-16 19:53:50
Subject: Re: Encryption - logging
From: TSM_User <tsm_user AT YAHOO DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 16 Aug 2006 16:52:49 -0700
Don't forget if that is the desire that the web gui runs under the local system 
account (in windows land) and it may have the ability to restore another users 
file to a different location. So you may not want to use the TSM web client 
feature on that particular server.

Henrik Wahlstedt <SHWL AT STATOIL DOT COM> wrote:  Thanks for the answer and 
good point, btw it´s not my file, it is some HR data... The customer is worried 
about who can restore data/alter the logs if we are able to produce them etc 
etc. 

//Henrik

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Allen S. Rout
Sent: 16. august 2006 16:29
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Encryption - logging

>> On Wed, 16 Aug 2006 14:44:59 +0200, Henrik Wahlstedt said:


> So my questions are: Is the possible to do automated encrypted backups 
> but limit the restore functionality to thoose who knows encryption 
> password?

The only people who can restore are people who can log into your machine, and 
they can only restore files they can write. I'm confused about why I shouldn't 
be able to restore one of my files.

I'm poking that question because it feels like you're asking TSM to enforce a 
security restriction you haven't been able to enforce locally on the box. 
Trying to prevent root@yourbox from restoring something sounds like a tall 
order.




> How do I monitor restores on the TSM server in good way.

I haven't found a happy method. Consider, the logging there could be Really 
Extensive. I don't want to list somebody's 3-million filenames in my TSM 
serverlog.


- Allen S. Rout


-------------------------------------------------------------------
The information contained in this message may be CONFIDENTIAL and is
intended for the addressee only. Any unauthorised use, dissemination of the
information or copying of this message is prohibited. If you are not the
addressee, please notify the sender immediately by return e-mail and delete
this message.
Thank you.


                
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ 
countries) for 2¢/min or less.

<Prev in Thread] Current Thread [Next in Thread>