Re: [ADSM-L] Excrypting Exchange Data

1) In TDP for Oracle version 5.5.2 it is coming in TSM Server activity log:



q act or=client node=LPAR05_ORA begint=01/12/2010

ANE4991I (Session: 2536, Node: LPAR05_ORA)  TDP Oracle AIX

ANU0599  TDP for Oracle: (4997220): =>(LPAR05_ORA)

ANU2526I Backup details for backup piece 
/ifns_ifns///LPAR05/ifns.11.1.54535.1.708019250 (database "IFNSDB").

Total bytes sent:         6077546496.

Total processing time: 00:08:05.

Throughput rate:         12237.33Kb/Sec.

Compressed:       Yes , 59%.

Encryption:         AES_128BIT.

LAN-Free:          No.



2) For previous versions it was possible to see it only by enabling trace. I 
have got it from IBM support to prove encryption for auditors.

To enable appropriate trace in dsm.opt for API:



TRACEFILE /home/oracle/admin/tdpo/tsmapi.trace

traceflag api pid tid

  traceflag api api_detail pid tid



3) We are encrypting database dumps as well. To prove encryption for regular 
files like dump file:



[LPAR05][/]>dsmc query backup "/backup05/exp/patm/*.dmp.Z" -detail 
-traceflags=query

IBM Tivoli Storage Manager

Command Line Backup-Archive Client Interface

  Client Version 6, Release 1, Level 3.0

  Client date/time: 01/13/10   08:32:55

(c) Copyright by IBM Corporation and other(s) 1990, 2009. All Rights Reserved.

Node Name: LPAR05

Session established with server BKME: AIX-RS/6000

  Server Version 5, Release 5, Level 4.0

  Data compression forced on by the server

  Server date/time: 01/13/10   08:32:55  Last access: 01/12/10   16:53:54

 Size                     Backup Date                      Mgmt Class           
A/I   File

 -------------------   ----------------------             ----------            
    ---   ----

 3,364,377,603  B  01/06/10   18:09:24             FSLPAR05             A    
/backup05/exp/patm/exppatm.dmp.Z

                Modified: 01/12/10   04:46:54   Accessed: 01/12/10   17:00:19

                Compressed:NO                   EncryptType:IBM_128BIT_AES

[LPAR05][/]>



I hope it is clear for you.







Grigori G. Solonovitch



Senior Technical Architect



Information Technology  Bank of Kuwait and Middle East  http://www.bkme.com



Phone: (+965) 2231-2274  Mobile: (+965) 99798073  E-Mail: G.Solonovitch AT bkme 
DOT com



Please consider the environment before printing this Email





-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Fred Johanson
Sent: Wednesday, January 13, 2010 1:08 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Excrypting Exchange Data



Grigori,



The ORACLE guys want to know how you test to see that files are really 
encrypted?







-----Original Message-----

From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Grigori Solonovitch

Sent: Tuesday, January 12, 2010 6:16 AM

To: ADSM-L AT VM.MARIST DOT EDU

Subject: Re: [ADSM-L] Excrypting Exchange Data



Unfortunately, I have no experience in encryption TDP for Exchange backups.



For Oracle database we are using:







1) in dsm.sys:



   Encryptiontype         AES128



   Encryptkey               generate



   InclExcl                    /backup/tsm/ba/InclExcl.list







2) in Include/Exclude list:



include /ifns_ifns/.../* DBLPAR05







3) from activity log:



ANE4991I (Session: 2536, Node: LPAR05_ORA)  TDP Oracle AIX



ANU0599  TDP for Oracle: (4997220): =>(LPAR05_ORA)



ANU2526I Backup details for backup piece 
/ifns_ifns///LPAR05/ifns.11.1.54535.1.708019250 (database "IFNSDB").



Total bytes sent:         6077546496.



Total processing time: 00:08:05.



Throughput rate:         12237.33Kb/Sec.



Compressed:       Yes , 59%.



Encryption:         AES_128BIT.



LAN-Free:          No.



















Grigori G. Solonovitch







Senior Technical Architect







Information Technology  Bank of Kuwait and Middle East  http://www.bkme.com







Phone: (+965) 2231-2274  Mobile: (+965) 99798073  E-Mail: G.Solonovitch AT bkme 
DOT com







Please consider the environment before printing this Email











-----Original Message-----

From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Stefan Folkerts

Sent: Tuesday, January 12, 2010 2:58 PM

To: ADSM-L AT VM.MARIST DOT EDU

Subject: [ADSM-L] Excrypting Exchange Data







What is supposed to be a walk in the park (when reading the very limited amount 
of documentation on encryption in the protection for mail (exchange) 
documentation) is turning into a little bit of a headache. :)







I currenty have my exchange dsm.opt setup like this ;







enableclientencryptkey yes



encryptiontype AES128



INCLUDE.ENCRYPT *\...\*











Also tried ;







include.encrypt "SERVERNAME\First Storage Group\...\*"







Doesn't change the situation, it still doesn't work.







I get NO request for key input, I am 100% sure this is not done before and I 
cannot seem to see my error here..please somebody point me at the error in my 
ways!







It would be great if somebody could post his dsm.opt file for an encrypted 
Exchange server.







Regards,







  Stefan







Please consider the environment before printing this Email.



________________________________

"This email message and any attachments transmitted with it may contain 
confidential and proprietary information, intended only for the named 
recipient(s). If you have received this message in error, or if you are not the 
named recipient(s), please delete this email after notifying the sender 
immediately. BKME cannot guarantee the integrity of this communication and 
accepts no liability for any damage caused by this email or its attachments due 
to viruses, any other defects, interception or unauthorized modification. The 
information, views, opinions and comments of this message are those of the 
individual and not necessarily endorsed by BKME."