Re: Why doesn't the TSM client support transparent encryption

2006-09-15 Thread Del Hoobler
Transparent encryption is not currently supported for the BA Client.
It's not quite as simple to support transparent encryption for
the BA Client as it is for the TSM API due to the no query restore
functionality of the BA Client.

Transparent encryption for the BA Client is a known requirement.

Thanks,

Del



"ADSM: Dist Stor Manager" wrote on 09/14/2006 11:08:14 PM:

> I have a customer that requires all data to be encrypted. We started
> with the file servers and that was easy enough. I just made sure to
> add the encryptiontype and include.encrypt entries to the dsm.opt
> file. I then backed up a file and was prompted for the key. We typed
> the key and everything is encrypted.  Having to type this key for
> every server is a real pain and it eliminates the possibility of
> completely automating the install.
>
>   Then we started working with encryption for the TDP for SQL.  I
> see that it uses the option enableclientencryptkey which actually
> generates a key automatically and stores it on the TSM server. It
> also looks like that is a function of the API. So, why in the heck
> can't I do the same thing with the real BA Client.  I'd like it to
> just automatically generate a key as well.  Then we can automate all
> the installs, never have to type a key and the data will also be
> encrypted.
>
>   Unless I'm missing something and you can use that option with the
> BA Client but there is zero mention of enableclientencryptkey in any
> of the BA client manuals.
>
>   Now, I added the option to the BAClient dsm.opt. It started
> without erroring. I ran q opt and it shows that it is set.  From
> other reading I this is there for the VSS backup capabilities.
> Anyway, even with the option set in that dsm.opt file I still am
> prompted to provide a key.
>
>   Kyle
>
>


Re: Why doesn't the TSM client support transparent encryption

2006-09-14 Thread TSM_User
Sorry, but Encryptkey is not what I'm looking for.

  Encryptkey has two settings, "SAVE" (the default) and "PROMPT". This value is
not used to supply transparent encryption. It is simply used to tell the TSM
client software whether to store the encrypted password in the registry.  Even
with save you are still prompted one time where you have to manually enter the
password. It is then stored in the local client's registry and not the TSM
server.  Also, a key is not generated for you.

  With transparent encryption in the API, the key is generated for you and it is
stored on the TSM server.
   
  Below is from the client help:
  1.3.39 Encryptkey
The encryptkey option specifies whether to save the encryption key
  password locally when performing a backup-archive operation or
  whether to prompt for the encryption key password. The encryption
  key password is saved to the Windows Registry in encrypted format.
  Tivoli Storage Manager client encryption allows you to enter a
  value of up to 63 characters in length. This encryption password
  needs to be confirmed when encrypting the file for backup, and
  also needs to be entered when performing restores of encrypted
  files.
Note: For local backupset restore of encrypted files, you cannot
use a saved encryption key password. You are always prompted
for the encryption key.
   
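+--- Caution ----------------------------------------------------+
If the encryption key is not saved in the Windows Registry, and
  you have forgotten the key, your data will be unrecoverable.
+----------------------------------------------------------------+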
If you set the encryptkey option to save, you are only prompted
  the first time you perform an operation. Thereafter, Tivoli
  Storage Manager does not prompt for the password.
The Web client saves the encryption key password in the Windows
  Registry. If you do not save the encryption key password, you are
  prompted for the initial encryption key password when you begin
  encryption processing.
You can encrypt the data that is sent to the server during a
  backup or archive operation using standard encryption. If you use
  the encryption feature to encrypt your data during backup or
  archive, you must have the encryption key in order to restore or
  retrieve the data. If the encryption key is not available on the
  client machine (via the encryptkey option) and you forgot the
  encryption key, then the data cannot be restored or retrieved
  under any circumstances.
 Supported Clients
This option is valid for all Windows clients.
 Options File
Place this option in the client options file (dsm.opt). You can
  set this option on the Authorization tab, Encryption Key Password
  section of the Preferences editor.
 Syntax
                 .-save---.
  >>-ENCRYPTKey--+--------+--><
                 '-prompt-'
  
   Parameters
save
 Specifies that you want to save the encryption key password to
 the local Windows Registry. If you set the encryptkey option to
 save, you are only prompted the first time you perform an
 operation. Thereafter, Tivoli Storage Manager does not prompt
 for the encryption password. This is the default.
prompt
 Tivoli Storage Manager prompts for the encryption password for
 each backup, archive, and restore operation.
 Examples
Options file:
   encryptkey prompt
  

Richard Sims <[EMAIL PROTECTED]> wrote:
  Check the value of your client ENCryptkey option, which is supposed
to provide what you seek.



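The key-handling behaviour discussed in the messages above, as an added example that is not part of the original thread or of any IBM tooling: a small Python audit of a BA client dsm.opt that reports how the encryption key will be obtained. The sample options file is constructed, and the parsing rules (lines starting with `*` are comments, option names matched by full name, `ENABLECLIENTENCRYPTKEY YES` as the value form) are assumptions.

```python
# Added example: audit a BA client dsm.opt for the encryption settings
# discussed in this thread. SAMPLE_OPT is constructed, not from a real host.
SAMPLE_OPT = r"""
* constructed sample options file
NODENAME               FILESRV01
ENCRYPTIONTYPE         AES128
INCLUDE.ENCRYPT        D:\shares\...\*
ENABLECLIENTENCRYPTKEY YES
"""

def parse_opt(text):
    """Return (OPTION, value) pairs; '*' lines are treated as comments (assumption)."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*"):
            continue
        parts = line.split(None, 1)  # option name, then the rest of the line
        pairs.append((parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def audit(text):
    """Summarise key handling as the thread describes it for the BA client."""
    opts = parse_opt(text)
    # Last occurrence of an option wins in this sketch (assumption).
    get = lambda name, default: next(
        (v for k, v in reversed(opts) if k == name), default)
    patterns = [v for k, v in opts if k == "INCLUDE.ENCRYPT"]
    mode = (get("ENCRYPTKEY", "save") or "save").lower()  # save is the default
    findings = []
    if not patterns:
        findings.append("no include.encrypt entries: no files selected for encryption")
    if mode == "prompt":
        findings.append("encryptkey prompt: key must be typed for every operation")
    else:
        findings.append("encryptkey save: one manual prompt, then the key lives "
                        "only in the local registry, not on the TSM server")
    if get("ENABLECLIENTENCRYPTKEY", "no").lower() == "yes":
        findings.append("enableclientencryptkey set: per this thread the BA "
                        "client still prompts for a key")
    return {"encrypt_patterns": patterns, "key_mode": mode, "findings": findings}

if __name__ == "__main__":
    for finding in audit(SAMPLE_OPT)["findings"]:
        print("-", finding)
```

With `encryptkey save` the only copy of the key is the one in that client's registry, so the key should also be recorded somewhere that survives loss of the host.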


Re: Why doesn't the TSM client support transparent encryption

2006-09-14 Thread Richard Sims

Check the value of your client ENCryptkey option, which is supposed
to provide what you seek.