Transparent encryption is not currently supported for the BA Client.
It's not quite as simple to support transparent encryption for
the BA Client as it is for the TSM API due to the no query restore
functionality of the BA Client.

Transparent encryption for the BA Client is a known requirement.

Thanks,

Del

----------------------------------------------------

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 09/14/2006
11:08:14 PM:

> I have a customer that requires all data to be encrypted. We started
> with the file servers and that was easy enough. I just made sure to
> add the encryptiontype and include.encrpyt entries to the dsm.opt
> file. I then backed up a file and was promted for the key. We typed
> the key and everything is encrypted.  Having to type this key for
> every server is a real pain and it eliminates the possibilty of
> completly automating the install.
>
>   Then we started working with encryption for the TDP for SQL.  I
> see that it uses the option enableclientencryptkey which actually
> generates a key automatically and stores it on the TSM server. It
> also looks like that is a function of the API. So, why in the heck
> can't I do the same thing with the real BA Client.  I'd like it to
> just automatically generate a key as well.  Then we can automate all
> the installs, never have to type a key and the data will also be
encrypted.
>
>   Unless I'm missing something and you can use that option with the
> BA Client but there is zero mention of enableclientencryptkey in any
> of the BA client manuals.
>
>   Now, I added the option to the BAClient dsm.opt. It started
> without erroring. I ran q opt and it shows that it is set.  From
> other reading I this is there for the VSS backup capabilities.
> Anyway, even with the option set in that dsm.opt file I still am
> prompted to provide a key.
>
>   Kyle
>
>
> ---------------------------------
> Do you Yahoo!?
>  Get on board. You're invited to try the new Yahoo! Mail.