1. Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING) Click the link to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This message will disappear after you have made at least 12 posts. Thank you for your cooperation.

The best solution for data encryption ??

Discussion in 'TSM Security and Regulatory Compliance' started by chris_magic, Feb 23, 2010.

  1. chris_magic

    chris_magic New Member

    Joined:
    May 17, 2007
    Messages:
    178
    Likes Received:
    0
    Occupation:
    TSM Consultant
    Location:
    Quebec, Qc, Canada
    Guys,

    I would like to know what is the best solution for data encryption.

    By the library or by TSM?

    Thanks in advance.
     
  2.  
  3. cjhood

    cjhood Moderator

    Joined:
    Dec 11, 2007
    Messages:
    322
    Likes Received:
    10
    Occupation:
    Storage Administrator - TSM/SAN
    Location:
    Brisbane, Australia
    Chris,

    I've only done encryption via LTO4 drives with TSM managing the keys, and from my experience it works ok. The major issue is that the TSM database holds the keys, and thus you can't encrypt the DB backup tape. Performance is good, as the encryption is done in hardware it's almost as fast as regular LTO4.

    I can't speak for LME, or for client-side encryption, perhaps someone else here could share their opinions...
     
  4. dangel42

    dangel42 New Member

    Joined:
    May 18, 2007
    Messages:
    69
    Likes Received:
    0
    Location:
    Wisconsin
    We also have TSM manage encryption and have had no issues.
     
  5. chris_magic

    chris_magic New Member

    Joined:
    May 17, 2007
    Messages:
    178
    Likes Received:
    0
    Occupation:
    TSM Consultant
    Location:
    Quebec, Qc, Canada
    I ask this because I want to encrypt only the data who are in my LTO storage pool who is going in vault.

    My TSM server is on Windows 2003 server and the version is 5.5.4.1

    Is it possible to encrypt only a specific storage pool (LTO) ?
     
  6. cjhood

    cjhood Moderator

    Joined:
    Dec 11, 2007
    Messages:
    322
    Likes Received:
    10
    Occupation:
    Storage Administrator - TSM/SAN
    Location:
    Brisbane, Australia

    You setup encryption on the DEVCLASS. So for your offsite pool, you'd create a new device class (LTO_ENCRYPT or something like that), and make sure DRIVEE=on. Then create a new storage pool for your offsite tapes using that devclass.

    You can update an existing devclass to encryption on, however it will be turned on for all storage pools using that devclass.
     
: encryption

Share This Page