ADSM-L

Re: [ADSM-L] SSL CPU

2010-09-27 21:41:52
Subject: Re: [ADSM-L] SSL CPU
From: Josh Davis <xaminmo AT OMNITECH DOT NET>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 27 Sep 2010 18:41:03 -0700
Paul,
Did you find out a definitive answer on this?

Initial searching shows that the crypto cards work on AIX, and are accessible
through a standardized API that banks use.  The card itself seems to be a dual
PPC405e on card with a Linux service processor and DMA based communication back
to the OS.

However, I could not find anything indicating that TSM could make use of this.
 A FITS/DCR through your account rep for TSM to support SSL acceleration through
Crypto Coprocessor might be a good thing too.  The Crypto cards state they
support SSL acceleration, among other things.

The alternatives (stunnel, client side encryption) are less than desirable
compromises.
 With friendly regards,
Josh-Daniel S. Davis




________________________________
From: Paul Zarnowski <psz1 AT CORNELL DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Sent: Wed, September 8, 2010 9:49:09 AM
Subject: [ADSM-L] SSL CPU

I'm looking for recommendations & experiences on TSM SSL.

There is interest from our security group here in enabling SSL for TSM
sessions.  Naturally, the easiest plan for the security folks would be to just
enable it for everything.  There is guidance in the IBM documentation to only
use it where it is needed, and to consider adding server resources if you use
it.  I'm looking for something a little more quantifiable.  Are there any rules
of thumb out there that would be helpful?

Also, does anyone know if encryption chips are available on p-Series servers
that TSM SSL can make use of?

Thanks in advance.
..Paul



--
Paul Zarnowski                            Ph: 607-255-4757
Manager, Storage Services                 Fx: 607-255-8521
719 Rhodes Hall, Ithaca, NY 14853-3801    Em: psz1 AT cornell DOT edu