• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

Recovery from encrypted tapes?

ldmwndletsm

ADSM.ORG Member
This will be on a Linux DR test server, not the production sever, but running same release.

Can you restore the database without the keys, as a test? If so, is it necessary to have first backed it up on the production server without the keys?

If you are able to restore without the keys then I would expect that you should be able to restore data from a non-encrypted tape since that wouldn't require a key. However, what happens if you then attempt to restore from an encrypted tape? Will it fail immediately? Or will it succeed, but the data will be unintelligible? Either way, it seems a fair test to ensure that the data really is being encrypted on the production server.

Also, does the password for the database instance user have to be the same as the server where the database backup was created? If not, then all you will need is the password used to protect the master key? That it?
 

Trident

TSM/Storge dude
ADSM.ORG Moderator
Hi,

From help set dbrecovery:
PROTECTKeys
Specifies that database backups include a copy of the
master encryption key for the server that is used to
encrypt node passwords, administrator passwords, and
storage pool data. The master encryption key is stored
in the dsmkeydb files. If you lose the dsmkeydb files,
nodes and administrators are unable to authenticate with
the server because the server is unable to read the
passwords that are encrypted by using the master
encryption key. In addition, any data that is stored in
an encrypted storage pool cannot be retrieved without
the master encryption key. This parameter is optional.
The default value is Yes. You can specify one of the
following values:

No
Specifies that database backups do not include
a copy of the master encryption key for the
server.

Attention: If you specify PROTECTKEYS=NO, you
must manually back up the master encryption key
for the server and make the key available when
you implement disaster recovery. You cannot
recover from a disaster without the master
encryption key.

Yes
Specifies that database backups include a copy
of the master encryption key for the server.

Attention: If you specify PROTECTKEYS=YES, you
must also specify the PASSWORD parameter.
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 18 18.4%
  • Keep using TSM for Spectrum Protect.

    Votes: 60 61.2%
  • Let's be formal and just say Spectrum Protect

    Votes: 12 12.2%
  • Other (please comement)

    Votes: 8 8.2%

Forum statistics

Threads
31,715
Messages
135,190
Members
21,719
Latest member
rolangpr
Top