DRM Tape Encryption Keys

W

wildbill9999

ADSM.ORG Member
Joined
May 19, 2006
Messages
3
Reaction score
0
Points
0
Website
Visit site
We do our Disaster Recovery at a remote site and we restore a mix of about 30 servers, Win 2003, HP-UX, AIX, Linux. These servers are not identical to the original servers so the restores use the -virtualnodename parameter to identify the original server. I have a set of scripts that run the restore jobs within their collocation groups using a tape library with six drives. This avoids having to manually start and monitor every restore. All this has been tested many times and works well.

Now, I am required to encrypt the DRM tapes. All my dsm.opt files specify "encryptkey save". This works fine until I run a DR test. I find that each directory I restore on each server will prompt me for the encryption key before it restores any encrypted files. Even though I use the same key for every backup on every server, I specify "encryptkey save", and I establish that key on each DR server, I am still prompted to enter the password manually for every directory I restore. This is extremely labor-intensive for a large DR that runs for two days. And tiring!

I might overcome this with a "Here document" on the Unix servers (haven't tested that yet, but it should work), but there's no such thing for Windows.

Does anyone know a way to overcome this limitation? Some way to persuade the DR server to accept the stored encryption key, or stop prompting after the first entry, or any other method that might help?

Does anyone know a way to persuade the DR servers to
 
Have you tried to change the nodename in the dsm.opt/dsm.sys file rather than use the virtualnodename option? The TSM nodename doesn't have to match the OS hostname and it might work better with the encryption if the host encryption key matched the TSM nodename.

-Aaron
 
Good idea, HEADA. However, we are doing application stacking at DR, which means we are restoring the applications from several servers onto one server at DR (we have several servers at the DR site, but not as many as we have in the originating data center). I think that would require we modify the dsm.opt file for every restore in order to have the appropriate name in place. It's probably worse than entering the encryption key.
 
Have multiple dsm.opt files and have your restore point to the one you are restoring from.

-Aaron
 
You must log in or register to reply here.

Data Privacy Impact Assessment

Compliance Assurance in Every Byte: Discover the Impact of Our DPIA Services.

Sponsor ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

Navigation Menu

Forums
   IBM TSM
   EMC Backup and Recovery
   Symantec NetBackup  
   SAN  
   NAS
   Platforms / OS
Mailing List Archives
   ADSM-L
User Groups

NordVPN 3 Months FREE

Help Support ADSM.ORG and Get NordVPN with 64% Off and 3 Months FREE.

NordVPN with 64% off + 3 months FREE

Forum statistics

Threads
31,968
Messages
135,434
Members
21,947
Latest member
dylbrawn
Back
Top