With TSM, you are already assuming the database will be consistent to be able to restore anything, encryption or not. TSM isn't more or less likely to lose an application-managed encryption key than it is to lose an inventory reference to any particular file.
With application-managed encryption, you are storing the keys in the TSM DB along with all the other metadata, so you aren't adding any points of failure. You will need to protect your database using different storage since it won't be encrypted (i.e., on disk/VTL with offsite replication or something like that).

With encryptkey=save, the key is stored on the filesystem, and as a result, the normal TSM backups. One could argue that this has more points of failure (the TSM database reference and the storage media that the key is actually stored on), as opposed to only in the TSM DB.

Even if your goal is only to offload responsibility to the customer, when their keyfile gets corrupted, they'll come to TSM to restore the key anyway. And if it is Windows, who wants to restore a registry?!

random encryption ramblings...

Regards,
Shawn
________________________________________________
Shawn Drew

Internet
warbo...@indiana.edu
Sent by: ADSM-L@VM.MARIST.EDU
06/13/2011 03:53 PM
Please respond to ADSM-L@VM.MARIST.EDU
To: ADSM-L
cc:
Subject: Re: [ADSM-L] tape encryption in TSM environment

Someone here is not willing to bet his career on the reliability of a TSM server managed encryption key. He reasons that if a key is lost on the TSM server side of backups, the data could not be recovered, and we would be accountable. If a client admin loses an encryption key, he is accountable. So we do not use drive-based encryption, and tell our customers to use client-based encryption, specifying 'encryptkey save'.

I cannot guarantee that TSM will never lose an application managed encryption key. Am I missing something?

With my thanks,
Keith Arbogast