• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.


    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

Discuss Encryption


ADSM.ORG Senior Member
We have a different approach.... we don't use TSM encryption at all. If an application needs encrytion then its the applications responsibility to develope an encrytion stradegy.

It should be noted that we don't physically move any tapes. We replicate via direct connect private fiber. We do not see a reason to encrypt data that is in a secure facility.


ADSM.ORG Senior Member
We started out with AME here with specific clients and are now in process of rolling out LME for everything. Things to note with LME:

A) Lose connection to EKM server and TSM will retry through all available drives, marking them offline as they error - so eventually all drives are offline.
B) Remove the key for a specific volume on the EKM server and you can't do anything with that volume if it's label has been encrypted until you force overwrite a new label in non-encrypted library. (ROYAL PAIN)
C) Switching from AME to LME is even bigger ROYAL PAIN!

I'm using 3592 rather than LTO, so issues may be lesser with that media.


Encryption solutions.


We are about to start using Library managed 3592 Drive encryption of offsite media sometime this year.

I know traditional TSM LAN based is fine with it so I would also assume LANFREE would be as it effectively uses stripped down parts of server code.

My biggest concern is with generic protocols like NDMP. In theory tape drive encryption should be transparent but has anyone actually done it. (Netapps Specifically)

Also is there any benefit to keeping onsite media unencrypted? Based on my understanding its a drive setting that turns on encryption. It is stated that the drive setting when combined with the devclass settings will cause backups to fail if they are not matched correctly. so the way I understand it once set for encryption, drives should be used for encryption only and separate drives would need to be used for unencrypted media.

Management are a little concerned that once stuff is encrypted we cant go back. so we shall be starting small.

Any help would be appreciated.


Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 17 19.5%
  • Keep using TSM for Spectrum Protect.

    Votes: 53 60.9%
  • Let's be formal and just say Spectrum Protect

    Votes: 10 11.5%
  • Other (please comement)

    Votes: 7 8.0%

Forum statistics

Latest member