ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Any default encryption for TSM server??

2011-08-10 12:43:10
Subject: Re: [ADSM-L] Any default encryption for TSM server??
From: Shawn Drew <shawn.drew AT AMERICAS.BNPPARIBAS DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 10 Aug 2011 12:37:16 -0400 
I would say there are 4 types of encryption.  (Chapter 14 in the 5.5 Admin 
Guide covers alot of this)

- TSM Client level encryption (using the include.encrypt and various 
client options)  Data is encrypted before sending to the TSM server. 
(software based)
- TSM Server level encryption (using the devclass DRIVEEncryption option) 
This is done at the devclass/stgpool level  (I.E. DB Backups are not 
encrypted) (hardware based)
- AIX System level.  Encryption is handled at the Atape level (hardware 
based)
- Library managed (completely transparent to TSM) (hardware based)


1- no default encryption
2- Each method will have its own way to check.   The way we proved to our 
auditors involved documentating an attempt to restore without the keys 
(which failed)
3- These have nothing to do with encryption.  These are basic client 
files.  Refer to the TSM Client manual. 



Regards, 
Shawn
________________________________________________
Shawn Drew





Internet
tsm-forum AT BACKUPCENTRAL DOT COM

Sent by: ADSM-L AT VM.MARIST DOT EDU
08/09/2011 09:22 PM
Please respond to
ADSM-L AT VM.MARIST DOT EDU


To
ADSM-L
cc

Subject
[ADSM-L] Any default encryption for TSM server??






Conclude that the TSM encryption can categories by two types: 1) 
Software/application layer encryption 2) Hardware layer encryption (Tape 
drive).

Question:
1) Does TSM has any data protection other than this two? Does TSM has 
default encryption if we never configure any setting to enable the 
software/application and there are no license key bought for hardware 
layer to do encryption?

2)If a software/application was configured or installed on the server, how 
can we check it? (e.g Maybe there are some files or command able to show 
it and please show me the way to check whether is the encryption enable or 
not to protect the data)

3) Can you tell me where are these files and what are their content about:
    - TSM.PWD
    - Dsm.sys
    - Dsm.opt

And What do INCLUDE.ENCRYPT and EXCLUDE.ENCRYPT statements mean? Where are 
them?
And last question is which file content the encryptkey and 
encryptiontype parameter?

+----------------------------------------------------------------------
|This was sent by terranceyaul AT yahoo DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------



This message and any attachments (the "message") is intended solely for 
the addressees and is confidential. If you receive this message in error, 
please delete it and immediately notify the sender. Any use not in accord 
with its purpose, any dissemination or disclosure, either whole or partial, 
is prohibited except formal approval. The internet can not guarantee the 
integrity of this message. BNP PARIBAS (and its subsidiaries) shall (will) 
not therefore be liable for the message if modified. Please note that certain 
functions and services for BNP Paribas may be performed by BNP Paribas RCC, Inc.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] Dedup question, Remco Post
Next by Date:  Re: [ADSM-L] Dedup question, Erwann SIMON
Previous by Thread:  Re: [ADSM-L] Any default encryption for TSM server??, Grigori Solonovitch
Next by Thread:  Re: [ADSM-L] Dedup question, Andrew Meadows
Indexes:  [Date] [Thread] [Top] [All Lists]