ADSM-L

Re: Reading client data from a storage pool tape.

2005-02-18 18:59:25
Subject: Re: Reading client data from a storage pool tape.
From: Orville Lantto <orville.lantto AT DATATREND DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 18 Feb 2005 17:43:59 -0600
There has been a lot of fuzzy information on this topic.  I did a little
experiment and found that TSM sequential files on disk are not obfuscated
at all.  The tests show that the data is stored in the sequential file in
the format of the original file with the entire file stored sequentially.
I presume that TSM stores data on tapes in the same way.  This means that
the client data on tape is readable by a third party program.  You must
use encryption to secure the data; don't depend on TSM obfuscation!

Orville L. Lantto
Datatrend Technologies, Inc.  (http://www.datatrend.com)
IBM Premier Business Partner
121 Cheshire Lane, Suite 700
Minnetonka, MN 55305
Email: Orville.Lantto AT datatrend DOT com
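
One way to repeat the kind of check described in the message above on your own storage pool volumes, as an added example that is not part of the original thread: plant a test file containing a unique marker, back it up, then scan the resulting volume for that marker. The sample volumes, header bytes and marker below are constructed and do not reflect TSM's real on-media layout; `os.urandom` stands in for encrypted client data.

```python
import math
import os
import tempfile
import zlib

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def scan_volume(path, canary, chunk=64 * 1024):
    """Stream a volume file; return (canary offsets, mean per-chunk entropy)."""
    hits, ents, tail, pos, keep = [], [], b"", 0, len(canary) - 1
    with open(path, "rb") as f:
        while block := f.read(chunk):
            ents.append(entropy(block))
            buf, base = tail + block, pos - len(tail)
            i = buf.find(canary)
            while i != -1:                 # also catches matches that straddle chunks
                hits.append(base + i)
                i = buf.find(canary, i + 1)
            tail = buf[-keep:] if keep else b""
            pos += len(block)
    return hits, (sum(ents) / len(ents) if ents else 0.0)

def build_samples(canary, workdir):
    """Write constructed sample volumes; return (paths, expected plain offset)."""
    payload = b"payroll record; " * 200 + canary + b" end of file\n" * 200
    header = b"\x00CONSTRUCTED-VOLUME-HEADER\x00" * 4  # made up, not TSM's layout
    bodies = {
        "plain": payload,                      # client data stored as-is
        "compressed": zlib.compress(payload),  # hidden from a scan, no key needed to undo
        "random": os.urandom(len(payload)),    # stand-in for encrypted client data
    }
    paths = {}
    for name, body in bodies.items():
        paths[name] = os.path.join(workdir, name + ".vol")
        with open(paths[name], "wb") as f:
            f.write(header + body)
    return paths, len(header) + payload.index(canary)

if __name__ == "__main__":
    canary = b"CANARY-7f3a9c1e-BACKUP-AUDIT"  # constructed marker planted in a test file
    with tempfile.TemporaryDirectory() as d:
        paths, expected = build_samples(canary, d)
        for name, path in paths.items():
            hits, ent = scan_volume(path, canary, chunk=4096)
            print(f"{name:10s} canary at {hits} (expected {expected}) entropy {ent:.2f}")
```

A hit means the client data sits on the volume verbatim. No hit does not prove encryption, since compressed data also hides the marker and can be undone without a key, so confirm client-side encryption from the configuration as well.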


Andrew Raibeck <storman AT US.IBM DOT COM> wrote on 02/18/05 01:43 PM:

> If you dump the data off of the tape, what do you see?

That depends. Factors to consider include:

- Format of the data that was backed up (was it already compressed or
encrypted, for example)?

- Use of client-side encryption (use this if security is required)

- Use of client-side compression (helps to obfuscate the data)

- Use of tape hardware compression (helps to obfuscate the data)

Even assuming that you don't do any of the above, the data is stored in a
proprietary format. You just can't read the tape and pick off whole,
intact files from start to finish. The need for an intact TSM server
database to restore the client data is necessary in order for the data to
be read from the tapes and put back on the client, in its original format.
But a serious hacker could probably get at bits and pieces of the data.
This is why we offer client-side encryption of the data (compression isn't
the same as encryption per se, but it offers another layer of obfuscation
just the same).

Regards,

Andy

Andy Raibeck
IBM Software Group
Tivoli Storage Manager Client Development
Internal Notes e-mail: Andrew Raibeck/Tucson/IBM@IBMUS
Internet e-mail: storman AT us.ibm DOT com

The only dumb question is the one that goes unasked.
The command line is your friend.
"Good enough" is the enemy of excellence.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 2005-02-18
12:20:54:

> Let me rephrase the question.
> If you dump the data off of the tape, what do you see?
>
> Frank McClean
> ITSB  SSU
> (916)795-1353
> frank_mcclean AT calpers.ca DOT gov
>
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of Andrew Raibeck
> Sent: Friday, February 18, 2005 11:16 AM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: Reading client data from a storage pool tape.
>
>
> I found this pretty quickly in the Admin Guide.
>
> Chapter 24 "Protecting and Recovering Your Server"
>
> Verse "Database and Recovery Log Protection: An Overview"
>
> "The database contains information about the client data in your storage
> pools. The recovery log contains records of changes to the database. If
> you lose the recovery log, you lose the changes that have been made
> since the last database backup. If you lose the database, you lose all
> your client data."
>
> Regards,
>
> Andy
>
> "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 2005-02-18
> 11:47:59:
>
> > "The only way to read client data from a tape is to set-up another TSM
> > server, and restore the database from your current TSM server onto it.
> > You would then be able to access the data on the tape, it cannot be
> > done without TSM." I have heard this several times.
> > Where in the IBM TSM documentation
> > does it specifically state this?
> > I need to quote chapter and verse to an auditor.
> >
> > Frank McClean
> > frank_mcclean AT calpers.ca DOT gov