Enabling Encryption on TSM clients

M

michellest

ADSM.ORG Member
Joined
Jul 13, 2005
Messages
35
Reaction score
0
Points
0
Location
Edmonton, CANADA
Website
Visit site
I need to enable encyption on all our TSM clients and am finding very little detailed documentation on doing it. Even the TSM docs seem to be vague.



Some of the questions I have are:



1) Once you put the "encryptkey save" line in, does it encypt using the existing dsmc password (TSM.PWD) to encrypt and de-crypt?



2) If the inclexcl file has say just one line in it like exclude.dir /test, if I put a include.encypt * below it, will it skip the /test dir?



3) The include.encrypt won't encypt anything that is not set to backup by the regular include/exclude lines correct?



4) How can I test to see if encyption is working?



5) Does anyone know of some good documentation on specifically using encryption and examples of the tsm.* configuration files?



Thanks!

Michelle
 
To answers in order



1. The TSM.PWD file will contain two line entries, one for the client login, the other will be your encryption password. If you do a "strings" against the file and look closely, you will notice the two entries. Therefore yes, it will be used.



2. No it will be read, and you will be prompted to enter an encryption password for that directory.



3. The encryption process will require two line entries. One being the include.encrypt and the directory, the second will be the include entry of the same directory.



4. Within your dsm.sys file, change your encrypt save to encrpyt prompt. Move the file to another location and then restore the file. You should be prompted. Then place the dsm.sys entries back to what they were, restore to another server, you should be prompted again. If you restore to the same server, and the encrypt entry is save, then you will not be prompted again.



5. Documentation, nothing but first hand experiences. Are you looking for anything specific?



You'll do fine



Steven
 
I was reading thorough, and is very much interested on encryption protection.



Questions:



Where does the TSM.PWD file reside? Will the TSM.PWD files be generated whether the Encrypt password is set to Prompt or Save local?



As I understood it, putting inlcude.encrypt statement in dsm.opt will encrypt ALL files - is this correct?



Thanks.



:confused:
 
On a UNIX machine by default - its /etc/adsm or whatever location you set within the dsm.sys using the passwddir option. Check on this option for spelling - our techie shown me this option only once and I did not take good notes at the time. But I'll ask again tomorrow.



On a UNIX machine, the include.encrypt does in the inclexcl file.





Within windows the TSM.PWD file I believe is in your registry and yes it would go in the dsm.opt file. Yes it encrypt what you select. If you've wildcarded it, it will do it all.



Hope this helps



Steven
 
You must log in or register to reply here.

Data Privacy Impact Assessment

Compliance Assurance in Every Byte: Discover the Impact of Our DPIA Services.

Sponsor ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

Navigation Menu

Forums
   IBM TSM
   EMC Backup and Recovery
   Symantec NetBackup  
   SAN  
   NAS
   Platforms / OS
Mailing List Archives
   ADSM-L
User Groups

NordVPN 3 Months FREE

Help Support ADSM.ORG and Get NordVPN with 64% Off and 3 Months FREE.

NordVPN with 64% off + 3 months FREE

Forum statistics

Threads
31,968
Messages
135,434
Members
21,947
Latest member
dylbrawn
Back
Top