ADSM-L

Re: [ADSM-L] tape encryption in TSM environment

2011-06-13 18:26:12
Subject: Re: [ADSM-L] tape encryption in TSM environment
From: Remco Post <r.post AT PLCS DOT NL>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 14 Jun 2011 00:21:30 +0200
On 13 jun 2011, at 21:53, Keith Arbogast wrote:

> Someone here is not willing to bet his career on the reliability of a TSM 
> server managed encryption key. He reasons that if a key is lost on the TSM 
> server side of backups, the data could not be recovered, and we would be 
> accountable. If a client admin loses an encryption key, he is accountable. So 
> we do not use drive-based encryption, and tell our customers to use 
> client-based encryption, specifying 'encryptkey save'.  
> 
> I cannot guarantee that TSM will never lose an application managed encryption 
> key.  Am I missing something?  
> 
> With my thanks,
> Keith Arbogast


if your devclass has drive encryption set to on, the database backups are still 
unencrypted, so the changes of recovering your database are still as good as 
they were without encryption. 

-- 
Met vriendelijke groeten/Kind Regards,

Remco Post
r.post AT plcs DOT nl
+31 6 248 21 622

<Prev in Thread] Current Thread [Next in Thread>