Hi All
We are designing a TSM implementation where the tape library will be TS3500 with LTO5 drives. There will be several TSM servers and we want to keep them separate securely.
We have been discussing the tape encryption key management methods: TKLM and using the TSM DB.
We'd prefer to use the TSM DB but have hit the issue of the TSB DB backups not being encrypted.
Ejecting the TSM DB backups and putting them somewhere really safe seems counter-intuitive. And just keeping them in the library won't work either.
One idea that was suggested was not to backup the TSM DB to tape but to backup to disk. Has anyone done this securely? If so, what did you do?
And are there any other ideas on how to secure TSM DB backups so that the crown jewels aren't easily accessible?
Cheers
Danny
We are designing a TSM implementation where the tape library will be TS3500 with LTO5 drives. There will be several TSM servers and we want to keep them separate securely.
We have been discussing the tape encryption key management methods: TKLM and using the TSM DB.
We'd prefer to use the TSM DB but have hit the issue of the TSB DB backups not being encrypted.
Ejecting the TSM DB backups and putting them somewhere really safe seems counter-intuitive. And just keeping them in the library won't work either.
One idea that was suggested was not to backup the TSM DB to tape but to backup to disk. Has anyone done this securely? If so, what did you do?
And are there any other ideas on how to secure TSM DB backups so that the crown jewels aren't easily accessible?
Cheers
Danny