ADSM-L

Re: [ADSM-L] tape encryption in TSM environment

2011-06-13 15:17:04
Subject: Re: [ADSM-L] tape encryption in TSM environment
From: "Nast, Jeff P." <Jeff.Nast AT ESSENTIAHEALTH DOT ORG>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 13 Jun 2011 14:06:37 -0500
We are using TKLM (Tickle 'em) also.

Compression first, then encryption. I was told our 3592-E06 (TS1130)
drives would experience <1% degradation (Negligable) in performance
while encrypting. Your tape drive model/manufacturer experience may
vary, but probably not much.

I agree with Howard on the "warm fuzzy"... All tape handling
inside/outside our facilities is done by us. But still if someone were
to lose one... Being a health organization, losing PHI (Patient Health
Information) would be a  bit embarrasing. I found that management was
quite cooperative when asking for funding to encrypt.

-Jeff



-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT vm.marist DOT edu] On Behalf Of
Howard Coles
Sent: Monday, June 13, 2011 1:52 PM
To: ADSM-L AT vm.marist DOT edu
Subject: Re: [ADSM-L] tape encryption in TSM environment

Using a TKLM server you can point your Library to the IP address of the
server, and it will handle the keys, so that even your TSM DB backup
tape is encrypted.  
(as some have asked this as well):
You do have to tell the Library where the Encryption Key servers are,
and then modify the Logical library's Encryption policy.  We've had one
instance where we had to reconfigure the logical library after a
firmware update (to support LTO4s).

>From all I've seen the performance hit isn't noticeable, I think the
compression affects it more, and that's very minimal if any.

As far as whether its needed or not, the answer is yes, as Wanda said,
if you are in our case and have regulatory requirements.  Even without
them it's a good idea.  Gives the execs a warm and fuzzy about trade
secrets, customer data, etc. etc.  We now have it running at three
sites, and so far so good.  You just have to have hardware drives that
support that kind of encryption.


See Ya'
Howard Coles Jr., RHCE, CNE, CDE
John 3:16!

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Mehdi Salehi
Sent: Sunday, June 12, 2011 11:13 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] tape encryption in TSM environment

How much performance degradation would there if encryption is on?
Although
it is the duty of drive itself (I suppose), it might have negative
influence
on backup and even restore performance?