Although I don't work in such a world now, I did for several years, and I also consult in such environments quite regularly. I'm also HUGE proponent of encryption in general.
What I am saying is I don't see the point in encrypting data behind the VTL. Since the encryption is invisible to the application, you can still read/write the virtual tapes in TSM, which means that somebody that wants to steal them from the application level won't be stopped. The only way they could steal it that you would stop with disk encryption is if they physically removed the _entire_ VTL from your datacenter without you knowing it. If that can happen in your datacenter than save the money you would have spent on disk encryption and spend it on a physical security system. Bolting the dang thing down with a really nice physical lock comes to mind. ;) Start talking about real tape and my answer changes. I think all real tapes should be encrypted, especially ones leaving the datacenter. They're far too easy to lose and/or steal to not do that. --- W. Curtis Preston Author of O'Reilly's Backup & Recovery and Using SANs and NAS VP Data Protection GlassHouse Technologies -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Gill, Geoffrey L. Sent: Friday, June 15, 2007 3:15 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] Fw: Just how does a VTL work? > You cannot encrypt the data before it goes to the VTL and expect it to de-dupe it. But you can encrypt when copying from the VTL to tape, or you can put an encryption box behind the VTL head but in front of the disk and you're OK (although I don't see the point). You obviously don't live in a world where you have to protect financial data, or any other data for that matter. Geoff Gill TSM Administrator PeopleSoft Sr. Systems Administrator SAIC M/S-G1b (858)826-4062 Email: [EMAIL PROTECTED]