ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] More tsm encryption questions

2012-03-22 16:03:36
Subject: Re: [ADSM-L] More tsm encryption questions
From: Bill Boyer <bjdboyer AT COMCAST DOT NET>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 22 Mar 2012 15:57:04 -0400 
With the ENCRYPTKEY GENERATE specified the client creates the key at the
beginning of the backup and that key is kept with the data stream stored on
the TSM server. When you restore this the key in the data stream is used. I
believe they also refer to this as transparent encryption.

The include.encrypt will only effect future backups, not any backups already
encrypted and stored on the TSM server.


Bill Boyer
"There are 10 kinds of people in the world. Those that understand binary and
those that don't." - ??




-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Steven Langdale
Sent: Thursday, March 22, 2012 2:21 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] More tsm encryption questions

They restored because the client had an encryption key, delete that, or
possibly the encryptiontype line and you will be prompted for it.

As for testing to see if they ARE encrypted, i think the client may say with
a q backup (but not sure).  The test I used was to try a restore after I had
removed the key file.

One aside, if you are using tape technology that compresses, the compression
will do down the drain.

Steven



On 22 March 2012 18:01, Lee, Gary <GLEE AT bsu DOT edu> wrote:

> Ok.  Think I have encryption working.
>
> Tried the following experiment.
>
> 1. Added these lines to dsm.opt
>
> encryptiontype aes128
> encryptkey generate
> include.encrypt "c:\Documents and Settings\glee.BSU\My
> Documents\crypt\...\*"
>
> 2. did an incremental backup to pick up the crypt folder just created
> and filled.
>
> 3. deleted all files starting with "phon"
>
> 4.  restored files starting with phon back to crypt folder, .  Went well.
>
> 5. commented all encryption related lines out of dsm.opt.
>
> 6. removed phone* from crypt folder again.
>
> 7. restored phone* back to crypt folder.
>
> I thought that with encryption lines removed from dsm.opt, either the
> encrypted files wouldn't restore, or would be restored as garbage.
> Not so. Restored perfectly.
>
> What have I missed?
> Also, is there a way to verify that the specified files are truly
> encrypted?
>
> Thanks again for the assistance.
>
>
>
>
> Gary Lee
> Senior System Programmer
> Ball State University
> phone: 765-285-1310
>
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ADSM-L] granular mailbox restore TDP 6.1, Anderson Douglas Da Silva
Next by Date:  Re: [ADSM-L] granular mailbox restore TDP 6.1, Del Hoobler
Previous by Thread:  Re: [ADSM-L] More tsm encryption questions, Steven Langdale
Next by Thread:  Re: [ADSM-L] More tsm encryption questions, Steven Langdale
Indexes:  [Date] [Thread] [Top] [All Lists]