ADSM-L

Re: tape encryption and TSM

2006-01-13 09:28:46
Subject: Re: tape encryption and TSM
From: David McClelland <david.mcclelland AT UK.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 13 Jan 2006 14:27:21 +0000

Hi Jim,

I believe that client-sided/initiated encryption is your only 'native' option here - prior to TSM 5.3, the 56-bit DES encryption provided simply wasn't enough for some institutions, but with TSM 5.3, 128-bit AES encryption for both BA client *and* API backups (i.e. TDPs) has been brought in, which has been useful for many sites.

However, that doesn't quite answer your question.

I believe you can buy devices which would sit *between* your TSM server and the tape drive to provide encryption - I've never used one, but have seen references to them on this list. Has/is anyone else using these? Experiences? Does it add an additional bottleneck to the tape throughput on higher end (e.g. LTO3) drives?

Rgds,
David McClelland
Storage and Systems Management Specialist
IBM Tivoli Certified Deployment Professional (ITSM 5.2)
SSO UK Service Delivery – Storage Services
IBM Global Services – IBM United Kingdom




"Murray, Jim" <JMurray AT LIBERTY-BANK DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
13/01/2006 13:30
Please respond to: "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: [ADSM-L] tape encryption and TSM





I would be more interested in the answer not so much as recovery of data
but in securing data.  Being a financial institution we have regulatory
requirements for data protection, new State laws say I must encrypt all
data on tape that is moved off site.


Jim Murray
Senior Systems Engineer
Liberty Bank
860.638.2919
jmurray AT liberty-bank DOT com
~~~~~~ _/) ~~~~~~~~~~

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Aaron Becar
Sent: Thursday, January 12, 2006 8:00 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: tape encryption and TSM

Unless you are willing to spend $500 an hour and send your tapes to
Dallas, at a rate of I believe it was 8MB an hour they can rebuild your
database.  Then you can get data off your tape.  So, yeah, it is pretty
difficult.  Just don't lose your encryption keys!  Then you should be
okay!  Wish I had a better answer!

>>> GEOFFREY.L.GILL AT SAIC DOT COM 1/12/2006 2:24:58 PM >>>
I know the topic of reading tapes written by TSM without having the DB
has come up before, but I'm wondering if anything has changed from a
couple of years ago with the implementation of 5.3 so here are a few
questions.

How hard is it to read tapes without the TSM database tape?

Is there any tape encryption with TSM 5.3?

Besides encrypting data from the client to the server is there anything
else that can be done?

What type of hit does encryption take on the client/server when in use?

Thanks,

Geoff Gill
TSM Administrator
SAIC M/S-G1b
(858)826-4062
Email: geoffrey.l.gill AT saic DOT com

