Discuss Encryption

We have a different approach.... we don't use TSM encryption at all. If an application needs encrytion then its the applications responsibility to develope an encrytion stradegy.

It should be noted that we don't physically move any tapes. We replicate via direct connect private fiber. We do not see a reason to encrypt data that is in a secure facility.
 
We started out with AME here with specific clients and are now in process of rolling out LME for everything. Things to note with LME:

A) Lose connection to EKM server and TSM will retry through all available drives, marking them offline as they error - so eventually all drives are offline.
B) Remove the key for a specific volume on the EKM server and you can't do anything with that volume if it's label has been encrypted until you force overwrite a new label in non-encrypted library. (ROYAL PAIN)
C) Switching from AME to LME is even bigger ROYAL PAIN!

I'm using 3592 rather than LTO, so issues may be lesser with that media.
 
Encryption solutions.

Guys

We are about to start using Library managed 3592 Drive encryption of offsite media sometime this year.

I know traditional TSM LAN based is fine with it so I would also assume LANFREE would be as it effectively uses stripped down parts of server code.

My biggest concern is with generic protocols like NDMP. In theory tape drive encryption should be transparent but has anyone actually done it. (Netapps Specifically)

Also is there any benefit to keeping onsite media unencrypted? Based on my understanding its a drive setting that turns on encryption. It is stated that the drive setting when combined with the devclass settings will cause backups to fail if they are not matched correctly. so the way I understand it once set for encryption, drives should be used for encryption only and separate drives would need to be used for unencrypted media.

Management are a little concerned that once stuff is encrypted we cant go back. so we shall be starting small.

Any help would be appreciated.

SC
 
You must log in or register to reply here.

Data Privacy Impact Assessment

Compliance Assurance in Every Byte: Discover the Impact of Our DPIA Services.

Sponsor ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

Navigation Menu

Forums
   IBM TSM
   EMC Backup and Recovery
   Symantec NetBackup  
   SAN  
   NAS
   Platforms / OS
Mailing List Archives
   ADSM-L
User Groups

NordVPN 3 Months FREE

Help Support ADSM.ORG and Get NordVPN with 64% Off and 3 Months FREE.

NordVPN with 64% off + 3 months FREE

Forum statistics

Threads
31,968
Messages
135,431
Members
21,947
Latest member
dylbrawn
Back
Top