It is good to know that the encryption can be on the client side. Then the
server can be
doing unencrypted as its default and only those clients that need to encrypt
their data
can do it and take whatever CPU penalty is necessary for the privacy of their
data.
Thanks for working on this tool.
/Tom Kern
On 7/9/2011 23:20, David Boyes wrote:
On 7/9/11 10:53 PM, "Thomas Kern"<[email protected]> wrote:
Have you added software encryption of the tape output? I know that some
tape drives
support hardware encryption but some places do not have enough of them to
spare for linux
and the plain tape drives are what are available.
Yes. At the moment, it's not aware of the crypto cards, so it's quite
expensive in terms of CPU to do it on the Z processor, but it does work.
Encryption can be done at the client or at the SD that is actually writing
the tape, so you could in fact offload that part of the process to a cheap
Intel box if you so choose.
I don't think it would be too hard to make it exploit the crypto cards,
but no one has seriously asked for it yet.
There are also a number of additions for specific applications (databases,
MS Exchange, etc) that are being developed.
It's a pretty good tool. At some point it needs to offer a PIT archive
function, but I don't know that anyone's really thought about it much.
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
