Dell, you are a National Treasure. THANKS. (I'm getting calls about this DAILY. Nothing like tapes lost in transit making the news on CNN to get people interested in encryption!)
-----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Del Hoobler Sent: Thursday, July 21, 2005 3:01 PM To: [email protected] Subject: Re: TDP's and Encryption and 5.3, Oh My.... Hi Wanda, You can do it if you are using the TSM API at the 5.3 level. There are IBM knowledge base documents being written as we speak that explains this.. here is a sneak peak: ============================================================= Transparent encryption is only available on Tivoli Storage Manager server Version 5.3.0 (or later). The Tivoli Storage Manager API enableclientencryptkey option provides 128-bit transparent encryption of SQL databases during Data Protection for SQL backup and restore processing. One random encryption key is generated per session and is stored on the Tivoli Storage Manager server with the object in the server database. Although Tivoli Storage Manager manages the key, a valid database must be available in order to restore an encrypted object. You can encrypt your SQL databases during Data Protection for SQL backup and restore processing by specifying enableclientencryptkey yes in the client options file (dsm.opt) that is used by Data Protection for SQL. By default, this file is located in the Data Protection for SQL installation directory. In this same file, you must specify the databases you want encrypted by adding an include statement with the include.encrypt option. Perform the following tasks to encrypt your SQL databases: 1. Verify that you are running version 5.3.0 (or later) of the Tivoli Storage Manager server and Tivoli Storage Manager API. 2. Edit the DSM.OPT file for the Data Protection client and add this entry: ENABLECLIENTENCRYPTKEY YES 3. Edit the DSM.OPT file for the Data Protection client and add your include statements. For example: To encrypt all SQL backup data, specify the following: include.encrypt \...\* To encrypt a specific SQL database named Db1, specify the following: include.encrypt "\... \Db1\...\*" ============================================================= Thanks, Del ---------------------------------------------------- "ADSM: Dist Stor Manager" <[email protected]> wrote on 07/21/2005 02:36:12 PM: > OK, I'll admit it, I read the TSM 5.3 announcement doc and I don't > understand it. t says: > ------------------------------------------------------------ > The encryption available for backup-archive data with > Tivoli Storage Manager is upgraded from 56-bit DES to > 128-bit Advanced Encryption Standard (AES). Encryption > is now also available for applications using the Tivoli > Storage Manager API, which includes the Tivoli Storage > Manager Data Protection Clients for applications and > databases. New support for automatic key management > can help enable use of encryption with API applications, > often without any changes to the applications. > .... > The Tivoli Storage Manager V5.3 API and the Tivoli > Storage Manager V5.3 server are required to exploit data > encryption for the Data Protection components. > ------------------------------------------------------------------------ > --- > So, that implies that you CAN expoit data encryption for the Data > Protection components, but I can't find any doc on how. > > -I know that you can turn on 128 bit encryption with a TSM 5.3 Windows > or *IX client and a TSM 5.3 server. > -I THINK you can turn on 128 bit encryption with a TSM 5.3 Windows or > *IX client and a TSM 5.2.2 server (can anybody comment on that?). > -I don't see any doc that says how to turn on encryption for the Data > Protection component for Oracle or MSSQL. I've looked at the API doc > that has the encryption SUPPORT, but don't see anything that says the > TDP's are actually using it. > > SO, is this announcement just a "statement of direction", or what? Or > will there be encryption support in the TDP's for 5.3, whenever they > arrive? Somebody kindly point me to the right doc? > > Thanks
