ADSM-L

Re: [ADSM-L] How to verify that the TSM Client Data is encrypted in the TSM Server

2010-02-09 00:46:42
Subject: Re: [ADSM-L] How to verify that the TSM Client Data is encrypted in the TSM Server
From: Grigori Solonovitch <G.Solonovitch AT BKME DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 9 Feb 2010 08:44:39 +0300
Which version of TDP for Oracle are you using in AIX, Linux and Windows?
I know exactly not all TDP versions are writing into activity log.
Maybe your problem is coming from hire. Just upgrade TDP to 5.5.2 and check 
again.

Grigori G. Solonovitch

Senior Technical Architect

Information Technology  Bank of Kuwait and Middle East  http://www.bkme.com

Phone: (+965) 2231-2274  Mobile: (+965) 99798073  E-Mail: G.Solonovitch AT bkme 
DOT com

Please consider the environment before printing this Email


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Fred Johanson
Sent: Tuesday, February 09, 2010 6:28 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] How to verify that the TSM Client Data is encrypted in 
the TSM Server

I started this last month, but I was out for more than 2 weeks, so let me 
recapitulate where we stand and what we know and what we need to know.

The ANU2526I message in the ActLog is sufficient evidence that encryption is 
taking place, so any Trace API is unnecessary.  That means the user has to 
verify thru central administration.  There seems to be no way for the user to 
verify this IF the TDPO is registered as a client distinct from the machine it 
lives on.  Therefor, "dsmc q ba /oracle -detail" returns nothing, and there is 
no comparable command on TDPO.  Issuing "tdpoconf showenv" also returns 
nothing; compression yes, encryption no.

What we have determined, from the ActLog, is that encryption is working with 
TDPO on all our AIX hosts.  However, using the same configuration syntax, it 
does not work on LINUX or SUN hosts.  We have tried the host's dsm.opt as well 
as TDPO.OPTFILE and DSMI_ORC_CONFIG(I think).  The first 2 produce nothing, 
while the third causes a parsing error on the options file.

SO, if there's anyone out there who is encrypting ORACLE on a LINUX or SUN box, 
please share with us where the encryption stanza should go.


________________________________________
From: ADSM: Dist Stor Manager [ADSM-L AT vm.marist DOT edu] On Behalf Of 
Grigori Solonovitch [G.Solonovitch AT BKME DOT COM]
Sent: Friday, February 05, 2010 4:37 PM
To: ADSM-L AT vm.marist DOT edu
Subject: Re: [ADSM-L] How to verify that the TSM Client Data is encrypted in 
the TSM Server

It is possible to enable trace for API. Subject has been discussed in the forum 
already. Could you search ADSM-L archive?

________________________________________
From: ADSM: Dist Stor Manager [ADSM-L AT VM.MARIST DOT EDU] On Behalf Of Abid 
Ilias [ailias AT UCHICAGO DOT EDU]
Sent: Saturday, February 06, 2010 12:42 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] How to verify that the TSM Client Data is encrypted in the 
TSM Server

Hello TSM Group

Is there any other way to find out if the data is encrypted in TSM Server other 
than looking into the activity log.    We are enabled the encryption option at 
the client end and it seem to work on AIX and having problem getting it to work 
on Linux platform.


ANE4991I (Session: 375407, Node: HANDEL-DB)  TDP Oracle
                          AIX ANU0599  TDP for Oracle: (798816): =>(handel-db)
                          ANU2526I Backup details for backup piece
                          /oracle//TRACSDEV_DB_0205_k2l58c1u_1_1.bkp (database
                          "TRACSDEV"). Total bytes sent: 5055971328. Total
                          processing time: 00:07:29. Throughput rate:
                          10996.60Kb/Sec. Compressed: No . Encryption: 
AES_128BIT.
                          LAN-Free: No.(SESSION: 375407)

Thanks
Abid

Please consider the environment before printing this Email.

"This email message and any attachments transmitted with it may contain 
confidential and proprietary information, intended only for the named 
recipient(s). If you have received this message in error, or if you are not the 
named recipient(s), please delete this email after notifying the sender 
immediately. BKME cannot guarantee the integrity of this communication and 
accepts no liability for any damage caused by this email or its attachments due 
to viruses, any other defects, interception or unauthorized modification. The 
information, views, opinions and comments of this message are those of the 
individual and not necessarily endorsed by BKME."