The processor load for encryption is very high. If you need to do this for more than a little data, investigate an encryption appliance to put between the TSM server and the tape drives.
Orville L. Lantto Datatrend Technologies, Inc. (http://www.datatrend.com) IBM Premier Business Partner 121 Cheshire Lane, Suite 700 Minnetonka, MN 55305 Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. "Stapleton, Mark" <[EMAIL PROTECTED]> Sent by: "ADSM: Dist Stor Manager" <[email protected]> 04/13/2005 09:51 AM Please respond to "ADSM: Dist Stor Manager" <[email protected]> To [email protected] cc Subject Re: Encryption of data written to tape From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Dearman, Richard >So the data is not decrypted at the tsm server before being written to >tape? It is encrypted from the moment the data leaves the client, and it not deencrypted until it is restored to the client. >Therefore if I set this for all my windows 5.3 clients all data that is >backed up to disk then migrated to tape will be encrypted? Yes. >And if I need to rebuild (meaning reinstall windows) that >client for any >reason or restore files from that client to any other client I assume >the client doesn't need the decryption keys? This is incorrect. If you rebuild a TSM client, the first time you perform a restore to it the TSM client will ask for the encryption key. If you don't know what it is, the data will not be available. Ever. -- Mark Stapleton ([EMAIL PROTECTED]) IBM Certified Advanced Deployment Professional Tivoli Storage Management Solutions 2005 Office 262.521.5627
