Enabling client-side encrypt from the server

[mirrorsaw]

Our TSM clients get some of their settings from the local DSM.OPT and we use the server-side cloptsets for include/exclude but how can I set things like encryption/compression/dedup (in this case encryption) on the server, as though it were present in the local DSM.OPT on every node?

I've found some documentation that suggests this is set on the dev class, but I don't see anywhere that I could specify the necessary entries (Encryption yes / type aes256 / key generate).

I'd really appreciate any help.

Thanks!

 

[marclant]

how can I set things like encryption/compression/dedup (in this case encryption) on the server,

First, note that if you use client-side compression or client-side compression, the data won't deduplicate even if sent to a dedup pool. So that's something to consider if you plan to dedup this data.

Have you tried to do it in a client option set? You should be able to use the same options as you would put in the option file:
https://www.ibm.com/support/knowled...m.srv.doc/t_mgclinod_addcliopset.html?lang=en

Syntax:
http://www.ibm.com/support/knowledg...pt_define.html#r_cmd_clientopt_define?lang=en

List of options that you can use in a client option set:
http://www.ibm.com/support/knowledgecenter/SSGSG7_7.1.3/client/c_opt_setbyserver.html?lang=en

 

[mirrorsaw]

First, note that if you use client-side compression or client-side compression, the data won't deduplicate even if sent to a dedup pool. So that's something to consider if you plan to dedup this data.

Have you tried to do it in a client option set? You should be able to use the same options as you would put in the option file:
https://www.ibm.com/support/knowled...m.srv.doc/t_mgclinod_addcliopset.html?lang=en

Syntax:
http://www.ibm.com/support/knowledgecenter/SSGSG7_7.1.3/srv.reference/r_cmd_clientopt_define.html#r_cmd_clientopt_define?lang=en

List of options that you can use in a client option set:
http://www.ibm.com/support/knowledgecenter/SSGSG7_7.1.3/client/c_opt_setbyserver.html?lang=en

Hi there,
Firstly thanks for replying, you were right, it's just a simple entry in the CLOPTSET, and that's working.
Also your statement about data not being able to dedup on the server (if clientside dedup or compress is on), it seems like it would still be better (for max reduction) to dedup and compress on client, rather than simply dedup on server ... wouldn't it?
Thanks again

 

[marclant]

Also your statement about data not being able to dedup on the server (if clientside dedup or compress is on), it seems like it would still be better (for max reduction) to dedup and compress on client, rather than simply dedup on server ... wouldn't it?

Correction: client side encryption and client side compression with server side dedup doesn't find duplicates

You are right, client-side dedup and client side compression gives the maximum. Although starting at 7.1.5, there is server side compression to go along with server side dedup, but that only works if the data is not encrypted and/or compressed by the client.

 

[mirrorsaw]

Correction: client side encryption and client side compression with server side dedup doesn't find duplicates

You are right, client-side dedup and client side compression gives the maximum. Although starting at 7.1.5, there is server side compression to go along with server side dedup, but that only works if the data is not encrypted and/or compressed by the client.

Interesting. I assume that with this new server-side compress, if the data ends up going to tape, will it get inflated at that point, or be stored compressed on tape?

 

[marclant]

Interesting. I assume that with this new server-side compress, if the data ends up going to tape, will it get inflated at that point, or be stored compressed on tape?

It will get decompressed, rehydrated, moved to tape, and they compressed on tape if tape compression is enabled.