1) In TDP for Oracle version 5.5.2 it is coming in TSM Server activity log:
q act or=client node=LPAR05_ORA begint=01/12/2010
ANE4991I (Session: 2536, Node: LPAR05_ORA) TDP Oracle AIX
ANU0599 TDP for Oracle: (4997220): =>(LPAR05_ORA)
ANU2526I Backup details for backup piece
/ifns_ifns///LPAR05/ifns.11.1.54535.1.708019250 (database "IFNSDB").
Total bytes sent: 6077546496.
Total processing time: 00:08:05.
Throughput rate: 12237.33Kb/Sec.
Compressed: Yes , 59%.
Encryption: AES_128BIT.
LAN-Free: No.
2) For previous versions it was possible to see it only by enabling trace. I
have got it from IBM support to prove encryption for auditors.
To enable appropriate trace in dsm.opt for API:
TRACEFILE /home/oracle/admin/tdpo/tsmapi.trace
traceflag api pid tid
traceflag api api_detail pid tid
3) We are encrypting database dumps as well. To prove encryption for regular
files like dump file:
[LPAR05][/]>dsmc query backup "/backup05/exp/patm/*.dmp.Z" -detail
-traceflags=query
IBM Tivoli Storage Manager
Command Line Backup-Archive Client Interface
Client Version 6, Release 1, Level 3.0
Client date/time: 01/13/10 08:32:55
(c) Copyright by IBM Corporation and other(s) 1990, 2009. All Rights Reserved.
Node Name: LPAR05
Session established with server BKME: AIX-RS/6000
Server Version 5, Release 5, Level 4.0
Data compression forced on by the server
Server date/time: 01/13/10 08:32:55 Last access: 01/12/10 16:53:54
Size Backup Date Mgmt Class
A/I File
------------------- ---------------------- ----------
--- ----
3,364,377,603 B 01/06/10 18:09:24 FSLPAR05 A
/backup05/exp/patm/exppatm.dmp.Z
Modified: 01/12/10 04:46:54 Accessed: 01/12/10 17:00:19
Compressed:NO EncryptType:IBM_128BIT_AES
[LPAR05][/]>
I hope it is clear for you.
Grigori G. Solonovitch
Senior Technical Architect
Information Technology Bank of Kuwait and Middle East http://www.bkme.com
Phone: (+965) 2231-2274 Mobile: (+965) 99798073 E-Mail: G.Solonovitch AT bkme
DOT com
Please consider the environment before printing this Email
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Fred Johanson
Sent: Wednesday, January 13, 2010 1:08 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Excrypting Exchange Data
Grigori,
The ORACLE guys want to know how you test to see that files are really
encrypted?
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Grigori Solonovitch
Sent: Tuesday, January 12, 2010 6:16 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Excrypting Exchange Data
Unfortunately, I have no experience in encryption TDP for Exchange backups.
For Oracle database we are using:
1) in dsm.sys:
Encryptiontype AES128
Encryptkey generate
InclExcl /backup/tsm/ba/InclExcl.list
2) in Include/Exclude list:
include /ifns_ifns/.../* DBLPAR05
3) from activity log:
ANE4991I (Session: 2536, Node: LPAR05_ORA) TDP Oracle AIX
ANU0599 TDP for Oracle: (4997220): =>(LPAR05_ORA)
ANU2526I Backup details for backup piece
/ifns_ifns///LPAR05/ifns.11.1.54535.1.708019250 (database "IFNSDB").
Total bytes sent: 6077546496.
Total processing time: 00:08:05.
Throughput rate: 12237.33Kb/Sec.
Compressed: Yes , 59%.
Encryption: AES_128BIT.
LAN-Free: No.
Grigori G. Solonovitch
Senior Technical Architect
Information Technology Bank of Kuwait and Middle East http://www.bkme.com
Phone: (+965) 2231-2274 Mobile: (+965) 99798073 E-Mail: G.Solonovitch AT bkme
DOT com
Please consider the environment before printing this Email
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Stefan Folkerts
Sent: Tuesday, January 12, 2010 2:58 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Excrypting Exchange Data
What is supposed to be a walk in the park (when reading the very limited amount
of documentation on encryption in the protection for mail (exchange)
documentation) is turning into a little bit of a headache. :)
I currenty have my exchange dsm.opt setup like this ;
enableclientencryptkey yes
encryptiontype AES128
INCLUDE.ENCRYPT *\...\*
Also tried ;
include.encrypt "SERVERNAME\First Storage Group\...\*"
Doesn't change the situation, it still doesn't work.
I get NO request for key input, I am 100% sure this is not done before and I
cannot seem to see my error here..please somebody point me at the error in my
ways!
It would be great if somebody could post his dsm.opt file for an encrypted
Exchange server.
Regards,
Stefan
Please consider the environment before printing this Email.
________________________________
"This email message and any attachments transmitted with it may contain
confidential and proprietary information, intended only for the named
recipient(s). If you have received this message in error, or if you are not the
named recipient(s), please delete this email after notifying the sender
immediately. BKME cannot guarantee the integrity of this communication and
accepts no liability for any damage caused by this email or its attachments due
to viruses, any other defects, interception or unauthorized modification. The
information, views, opinions and comments of this message are those of the
individual and not necessarily endorsed by BKME."
|