Yes and no. All the data backed up by a client in encrypted format stays encrypted, it can only be decrypted by the original client (or a client with the original encryption key). If you turn on encryption on the drives that's OK, if client-encrypted data gets sent there via MOVE DATA, reclaim, or BACKUP STGPOOL, it will work fine. The drives apply their own encryption algorithm, but it's transparent to everybody. The drives won't be able to compress the client-encrypted data, but you're no worse off than you are now.
But if you turn on tape encryption, you can turn off client encryption. Then the drives will compress first, then encrypt, so you get good compression ratios for the data. If you send your onsite data to a de-dup VTL and your TSM copy tapes to encrypting drives, you will get the benefits of dedup in the VTL and the benefits of compression on the drives. As older data expires, your overall compression ratio will get better over time. On 1/24/08, Hart, Charles A <[EMAIL PROTECTED]> wrote: > > Is it possible to change from Client Encrypt to Tape Device Encrypt? > (i.e. LTO4 / 3592 etc) The you're encrypting your offsite but your > onsite is now getting better "Factoring" compression ratios. > > -----Original Message----- > From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of > lamont > Sent: Wednesday, January 23, 2008 11:18 PM > To: [email protected] > Subject: [ADSM-L] Data Deduplication > > Hi Curtis, > Unfortunately, this was already the case when I came, client encryption > is the only option and the tapes are needed to be sent to offsite. > I think we need to consider this - enabling/disabling client encryption > and see how - in the test case on the upcoming POC with a de-dupe > vendor. > > Thanks. > > > cpreston wrote: > > The other posters are correct. You will get 1:1. Dedupe works by > > finding patterns. There are no patterns in encrypted data. > > > > One question would be why would you do that? Most people are > > encrypting data as it leaves their site. The best way to do that is > > hardware encryption (tape drive or SAN-based). Do that on the other > > side of your dedupe box and before it goes to tape -- not at the > > client -- and you'll have no issues with dedupe. > > > > --- > > W. Curtis Preston > > Backup Blog @ www.backupcentral.com > > VP Data Protection, GlassHouse Technologies > > > > -----Original Message----- > > From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf > > Of lamont > > Sent: Wednesday, January 23, 2008 12:29 AM > > To: [email protected] > > Subject: [ADSM-L] Data Deduplication > > > > Hi, > > What would likely be the de-dupe ratio if tsm clients do archive > > processing daily (file level, no tdps) with encryption enabled? > > > > Thanks. > > > > +--------------------------------------------------------------------- > > +- > > |This was sent by [EMAIL PROTECTED] via Backup Central. > > |Forward SPAM to [EMAIL PROTECTED] > > +--------------------------------------------------------------------- > > +- > > > +---------------------------------------------------------------------- > |This was sent by [EMAIL PROTECTED] via Backup Central. > |Forward SPAM to [EMAIL PROTECTED] > +---------------------------------------------------------------------- > > > This e-mail, including attachments, may include confidential and/or > proprietary information, and may be used only by the person or entity to > which it is addressed. If the reader of this e-mail is not the intended > recipient or his or her authorized agent, the reader is hereby notified > that any dissemination, distribution or copying of this e-mail is > prohibited. If you have received this e-mail in error, please notify the > sender by replying to this message and delete this e-mail immediately. >
