I believe TSM can only encrypt up to AES 128 & DES 56, I do not believe it has been updated to support AES 256. Michael
On Thu, Mar 6, 2008 at 10:03 AM, Wanda Prather <[EMAIL PROTECTED]> wrote: > The TSM clients (including TDP's) can encrypt at AES 256. You take a hit > on > performance for both backup and restore; you need to also turn on > compression on the client, as encrypted data can't be compressed by the > tape > drive. > > If you want to encrypt using the backup client, I STRONGLY recommend you > upgrade to 5.5, where the TSM server manages the keys for you. Prior to > that level, you have to maintain the keys manually; if you lose the keys > and > have to go to a DR site, you won't get your data back. At 5.5, the keys > are > generated randomly and maintained in the TSM data base. (The TDP's have > the > keys managed by the TSM data base starting at 5.3; for regular clients, > that > feature starts at 5.5). > > A better/cleaner method is encrypting outboard in the hardware. Look into > upgrading your drives to LTO4; then (with an additional feature code on > your > 3584) you can do the encryption outboard, with no performance hit. TSM > can > still maintain the keys for you, if you want, or you can use an external > key > manager that IBM provides. > > Whether or not you can encrypt data that goes to your VTL outboard depends > on your VTL vendor. > > > On 3/6/08, Bell, Charles (Chip) <[EMAIL PROTECTED]> wrote: > > > > I am wondering what level of encryption TSM has as an application, if at > > all. > > > > > > > > > > We are running v5.4.2.0 on the server. > > > > We have a 3584 with LTO1 and LTO2, with copies of both going offsite to > > Iron > > Mountain. > > > > We have a VTL emulating 3592 for onsite use. > > > > > > > > God bless you!!! > > > > Chip Bell > > Network Engineer I > > IBM Tivoli Certified Deployment Professional > > Baptist Health System > > Birmingham, AL > > > > > > > > > > > > > > ----------------------------------------- > > Confidentiality Notice: > > The information contained in this email message is privileged and > > confidential information and intended only for the use of the > > individual or entity named in the address. If you are not the > > intended recipient, you are hereby notified that any dissemination, > > distribution, or copying of this information is strictly > > prohibited. If you received this information in error, please > > notify the sender and delete this information from your computer > > and retain no copies of any of this information. > > >
