Once you've installed the key manager application (IBM's) and created the key store, that never changes. There are procedures for "cloning" the entire key manager installation..put it on a 2nd box in a different location. At least the TS3310 lets you put in 2 IPaddresses/ports for the key managers. You can also then take that whole directory where the key manager is installed, ZIP it up and store it on some secure USB memory device(s) and keep them as part of your D/R kit offsite. The key store does not store the encryption keys for each tape. Just as many keys as you configured during the install. This is just 1 part that is used to build the actual encryption key for the tape. For un-encrypting the tape, the library just verifies that key with the key manager to ensure it's still valid.
So once you've done the install and configuration, the keystore is static. Bill Boyer DSS, inc. -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Chris Koster Sent: Wednesday, December 03, 2008 10:39 AM To: [email protected] Subject: Re: Encryption in TSM ?? Well, TSM does support encryption and works well as its own key manager. However, this does not encrypt the TSM database. For this, you will need an external key manager to encrypt database tapes. Of course, this starts the whole discussion of then how do you backup the key manager that's encrypting the backup server. So do you setup a 2nd backup instance to backup the key manager which is encrypting the backups? And so on and so on ... If you want my advice, let TSM encrypt all your storage pool volumes and send off the TSM database unencrypted via 2nd pickup with courier of your choice. For the ultra-secure-sensitive type, select a second courier service all together solely for database tapes. - Chris -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Martin Panggabean Sent: Wednesday, December 03, 2008 4:08 AM To: [email protected] Subject: [ADSM-L] Encryption in TSM ?? Dear TSM practitioner, I want to ask what is best practice Encrytion in TSM ? I have plann to encrypt every database backup using TSM, how many percent it would effect the performance comparing backup not using encryption? -- Best Regards, Martin Panggabean Technical Consultant PT. Niaga Prima Paramitra Ahmad Dahlan Avenue 25 Kebayoran Baru, Jakarta Selatan 12130 Indonesia Ph : +(6221)72799949 URL : www.niagaprima.com E-mail : [EMAIL PROTECTED]
