Re: [ADSM-L] tape encryption in TSM environment
2011-06-13 18:26:12
On 13 jun 2011, at 21:53, Keith Arbogast wrote:
> Someone here is not willing to bet his career on the reliability of a TSM
> server managed encryption key. He reasons that if a key is lost on the TSM
> server side of backups, the data could not be recovered, and we would be
> accountable. If a client admin loses an encryption key, he is accountable. So
> we do not use drive-based encryption, and tell our customers to use
> client-based encryption, specifying 'encryptkey save'.
>
> I cannot guarantee that TSM will never lose an application managed encryption
> key. Am I missing something?
>
> With my thanks,
> Keith Arbogast
if your devclass has drive encryption set to on, the database backups are still
unencrypted, so the changes of recovering your database are still as good as
they were without encryption.
--
Met vriendelijke groeten/Kind Regards,
Remco Post
r.post AT plcs DOT nl
+31 6 248 21 622
|
|
|