Re: Any default encryption for TSM server??

2011-08-10 Thread Shawn Drew
I would say there are 4 types of encryption.  (Chapter 14 in the 5.5 Admin 
Guide covers a lot of this)

- TSM Client level encryption (using the include.encrypt and various 
client options)  Data is encrypted before sending to the TSM server. 
(software based)
- TSM Server level encryption (using the devclass DRIVEEncryption option) 
This is done at the devclass/stgpool level  (I.E. DB Backups are not 
encrypted) (hardware based)
- AIX System level.  Encryption is handled at the Atape level (hardware 
based)
- Library managed (completely transparent to TSM) (hardware based)


1- no default encryption
2- Each method will have its own way to check.   The way we proved to our 
auditors involved documenting an attempt to restore without the keys 
(which failed)
3- These have nothing to do with encryption.  These are basic client 
files.  Refer to the TSM Client manual. 



Regards, 
Shawn

Shawn Drew





tsm-fo...@backupcentral.com
Sent by: ADSM-L@VM.MARIST.EDU
08/09/2011 09:22 PM
Please respond to ADSM-L@VM.MARIST.EDU
To: ADSM-L
Subject: [ADSM-L] Any default encryption for TSM server??






I conclude that TSM encryption can be categorized into two types: 1) 
Software/application layer encryption 2) Hardware layer encryption (tape 
drive).

Question:
1) Does TSM have any data protection other than these two? Does TSM have 
default encryption if we never configure any setting to enable the 
software/application and no license key was bought for the hardware 
layer to do encryption?

2) If a software/application was configured or installed on the server, how 
can we check it? (e.g. maybe there are some files or commands able to show 
it; please show me the way to check whether encryption is enabled or 
not to protect the data)

3) Can you tell me where these files are and what their content is about:
- TSM.PWD
- Dsm.sys
- Dsm.opt

And what do the INCLUDE.ENCRYPT and EXCLUDE.ENCRYPT statements mean? Where are 
they?
And the last question is which file contains the encryptkey and 
encryptiontype parameters?

+--
|This was sent by terrancey...@yahoo.com via Backup Central.
|Forward SPAM to ab...@backupcentral.com.
+--





Re: Any default encryption for TSM server??

2011-08-10 Thread Grigori Solonovitch
There is no default encryption on TSM Server.
For hardware encryption you need to look into drive configuration.
Software encryption is supported by TSM Client and TDP (API).
For example, we need to encrypt all information related to Oracle databases on 
AIX logical partition (database dumps and database backups via TDPO).
Configuration steps are (encryption keys are kept in TSM database):

1) To make encryption possible for AIX file systems, add the following lines to 
/usr/tivoli/tm/ba/bin64/dsm.sys:
   Nodename   LPAR05
   Encryptiontype AES128
   Encryptkey generate
   InclExcl   /backup/tsm/ba/InclExcl.list
2) To make encryption possible for TDP for Oracle backups, add the following 
lines to /usr/tivoli/tsm/api/bin64/dsm.sys:
   NODENAME LPAR05_ORA
   Encryptiontype   AES128
   Encryptkey   generate
   Inclexcl /backup/tsm/ba/InclExcl.list

3) Set encryption for database dumps and TDPO backups in the include/exclude list 
/backup/tsm/ba/InclExcl.list:
include * AIX
include /.../* FSLPAR05
include /ifns_ifns/.../* DBLPAR05
include /patm_patm/.../* DBLPAR05
include /ptel_ptel/.../* DBLPAR05
include.encrypt /ifns_ifns/.../*
include.encrypt /patm_patm/.../*
include.encrypt /ptel_ptel/.../*
include.encrypt *.dmp.Z

Note, there are 3 databases with file space names ifns_ifns, patm_patm and 
ptel_ptel (names are defined in the TDPO configuration file). In addition, all 
database dumps are kept in compressed files *.dmp.Z. The list of encrypted files 
can be expanded by adding INCLUDE.ENCRYPT lines to the include/exclude list.

To check encryption for databases:

q act  or=client node=LPAR05_ORA begind=08/09/2011
.
Date/Time: 08/09/2011 15:44:51
  Message: ANE4991I (Session: 42231, Node: LPAR05_ORA)  TDP Oracle AIX ANU0599  
TDP for Oracle: (9216226): =>(LPAR05_ORA) ANU2526I Backup details for backup 
piece /ifns_ifns///LPAR05/ifns.09.1.58075.1.758734242 (database "IFNSDB"). 
Total bytes sent: 9756213248. Total processing time: 00:14:06. Throughput rate: 
11261.88Kb/Sec. Compressed: Yes , 61%. Encryption: AES_128BIT. LAN-Free: 
No.(SESSION: 42231)
..
Date/Time: 08/09/2011 16:05:32
  Message: ANE4991I (Session: 44685, Node: LPAR05_ORA)  TDP Oracle AIX ANU0599  
TDP for Oracle: (10055750): =>(LPAR05_ORA) ANU2526I Backup details for backup 
piece /patm_patm///LPAR05/Archive_patm.09.50832.1.758736133 (database 
"PATMDB"). Total bytes sent: 3064201216. Total processing time: 00:03:17. 
Throughput rate: 15189.77Kb/Sec. Compressed: Yes , 54%. Encryption: AES_128BIT. 
LAN-Free: No.(SESSION: 44685)



To check encryption for database dumps:
dsmc query backup "/home/users05/fnsonli/backup/*.dmp.Z" -detail -traceflags=query
dsmc query backup "/backup05/exp/patm/*.dmp.Z" -detail -traceflags=query
dsmc query backup "/backup05/exp/ptel/*.dmp.Z" -detail -traceflags=query
dsmc query backup "/backup05/exp/ptel/*.log" -detail -traceflags=query

For example, prove_encryption.sh gives:

IBM Tivoli Storage Manager
Command Line Backup-Archive Client Interface
  Client Version 6, Release 2, Level 2.0
  Client date/time: 08/10/11   13:20:20
(c) Copyright by IBM Corporation and other(s) 1990, 2010. All Rights Reserved.

Node Name: LPAR05
Session established with server BKME: AIX-RS/6000
  Server Version 5, Release 5, Level 5.2
  Data compression forced on by the server
  Server date/time: 08/10/11   13:20:20  Last access: 08/09/11   16:49:09

          Size        Backup Date        Mgmt Class   A/I File
          ----        -----------        ----------   --- ----
13,012,947,599  B  08/09/11   16:30:00   FSLPAR05      A  /home/users05/fnsonli/backup/expfns1.dmp.Z
   Modified: 08/09/11   01:25:29   Accessed: 08/08/11   16:42:19
   Compressed:  NO   Encryption Type: 128-bit AES
   Client-deduplicated: NO
...

I hope this will answer all your questions.

Grigori G. Solonovitch


-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of 
terrance
Sent: Wednesday, August 10, 2011 4:22 AM
To: ADSM-L@VM.MARIST.EDU
Subject: [ADSM-L] Any default encryption for TSM server??

I conclude that TSM encryption can be categorized into two types: 1) 
Software/application layer encryption 2) Hardware layer encryption (tape drive).

Question:
1) Does TSM have any data protection other than these two? Does TSM have default 
encryption if we never configure any setting to enable the software/application 
and no license key was bought for the hardware layer to do encryption?

2) If a software/application was configured or installed on the server, how can 
we check it? (e.g. maybe there are some files or commands able to show it; 
please show me the way to check whether encryption is enabled or not to 
protect the data)

3) Can you tell me where are these f
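
An added example, not part of any message in this thread: a shell check that reads `dsmc query backup ... -detail` output like the listing above and flags backed-up objects that are not encrypted, for instance files that no include.encrypt line matches. The function names and the .log sample entry are constructed, and the "Encryption Type: None" wording for unencrypted objects is an assumption.

```shell
#!/bin/sh
# Reads `dsmc query backup ... -detail` output on stdin, prints
# STATE<TAB>TYPE<TAB>PATH per object, returns 1 if any object is not encrypted.
# Assumption: unencrypted objects report "Encryption Type: None".
audit_encryption() {
    awk '
    function emit() {
        if (!pending) return
        if (type == "") { state = "UNKNOWN"; type = "-" }
        else if (toupper(type) ~ /^NONE/) state = "CLEAR"
        else state = "ENCRYPTED"
        if (state != "ENCRYPTED") bad = 1
        printf "%s\t%s\t%s\n", state, type, path
        pending = 0; type = ""; path = ""
    }
    # Size line opens an entry; the path may follow on the same line.
    /^[ \t]*[0-9][0-9,]*[ \t]+B[ \t]/ {
        emit(); pending = 1
        if (match($0, /[ \t]\/.*$/)) path = substr($0, RSTART + 1)
        sub(/[ \t]+$/, "", path); next
    }
    # Wrapped output puts the path alone on the next line.
    pending && path == "" && /^[ \t]*\// {
        path = $0; gsub(/^[ \t]+|[ \t]+$/, "", path); next
    }
    # Match anywhere in the line: columns can run together ("NOEncryption").
    pending && /Encryption Type:/ {
        type = $0
        sub(/.*Encryption Type:[ \t]*/, "", type); sub(/[ \t]+$/, "", type)
    }
    END { emit(); exit bad + 0 }'
}

# Constructed sample: first entry is from the thread, the .log entry is invented.
sample_output() {
    cat <<'EOF'
13,012,947,599  B  08/09/11   16:30:00 FSLPAR05 A
/home/users05/fnsonli/backup/expfns1.dmp.Z
Modified: 08/09/11   01:25:29   Accessed: 08/08/11   16:42:19
 Compressed:  NOEncryption Type: 128-bit AES
Client-deduplicated: NO
         4,096  B  08/09/11   16:30:05 FSLPAR05 A  /backup05/exp/ptel/exp.log
Modified: 08/09/11   01:30:00   Accessed: 08/09/11   16:00:00
 Compressed:  NO   Encryption Type: None
Client-deduplicated: NO
EOF
}

sample_output | audit_encryption || echo "objects without encryption found" >&2
```

An entry with no "Encryption Type" line at all is reported as UNKNOWN and also makes the check fail, so a client that omits the field is not silently counted as encrypted.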

Any default encryption for TSM server??

2011-08-10 Thread terrance
Can anyone tell me what the steps are to restore the data from tape?
Let's say the tape is lost, and the catalog tape is lost together with it.
Is it possible for an outsider to retrieve the data using both of the tapes?

(As far as I know, the encryption key is stored inside the catalog and backed up to 
a tape) <<(correct?)

Can the catalog only be retrieved by a particular account inside the same TSM 
server? Different TSM servers have different accounts and passwords, so does it make 
sense that an outsider is unable to retrieve data on a server different from the 
original server?



Any default encryption for TSM server??

2011-08-09 Thread terrance
I conclude that TSM encryption can be categorized into two types: 1) 
Software/application layer encryption 2) Hardware layer encryption (tape drive).

Question:
1) Does TSM have any data protection other than these two? Does TSM have default 
encryption if we never configure any setting to enable the software/application 
and no license key was bought for the hardware layer to do encryption?

2) If a software/application was configured or installed on the server, how can 
we check it? (e.g. maybe there are some files or commands able to show it; 
please show me the way to check whether encryption is enabled or not to 
protect the data)

3) Can you tell me where these files are and what their content is about:
- TSM.PWD
- Dsm.sys
- Dsm.opt

And what do the INCLUDE.ENCRYPT and EXCLUDE.ENCRYPT statements mean? Where are they?
And the last question is which file contains the encryptkey and encryptiontype 
parameters?
