We are starting to make more use of TSM Encryption. There is a
combination of features that appears to leave a security gap.
We have decided to use ENCRYPTKEY GENERATE, because it provides what is
in effect encryption key escrow. We require key escrow whenever
encryption is used for university
, Ruth Slovik rmi...@illinois.edu
To: ADSM-L@VM.MARIST.EDU
Date: 03/12/2015 05:57 PM
Subject: Old Technote: TSM encryption compliance with FIPS 140-2
Sent by: ADSM: Dist Stor Manager ADSM-L@VM.MARIST.EDU
Hi All,
I know we all grapple with outdated online documentation from time
to time. Does
Hi Del,
That's very much appreciated!
Best,
Ruth
U of I, Urbana, IL
-Original Message-
From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Del
Hoobler
Sent: Monday, March 16, 2015 5:57 AM
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] Old Technote: TSM encryption
Hi All,
I know we all grapple with outdated online documentation from time to time.
Does anyone have a suggestion for the best way to request IBM update an out of
date technote? I've already submitted feedback via the 'rate this page' link.
Is it better to open a service request? To me that
[mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
Steven Langdale
Sent: Thursday, March 22, 2012 5:10 PM
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] More tsm encryption questions
Well, there you go. you're spot on there Bill!
I'm struggling to see what use generate is, What't the point of encrypting
the data
Ok. Think I have encryption working.
Tried the following experiment.
1. Added these lines to dsm.opt
encryptiontype aes128
encryptkey generate
include.encrypt c:\Documents and Settings\glee.BSU\My Documents\crypt\...\*
2. did an incremental backup to pick up the crypt folder just created and
They restored because the client had an encryption key, delete that, or
possibly the encryptiontype line and you will be prompted for it.
As for testing to see if they ARE encrypted, i think the client may say
with a q backup (but not sure). The test I used was to try a restore after
I had
@VM.MARIST.EDU] On Behalf Of
Steven Langdale
Sent: Thursday, March 22, 2012 2:21 PM
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] More tsm encryption questions
They restored because the client had an encryption key, delete that, or
possibly the encryptiontype line and you will be prompted
: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of
Steven Langdale
Sent: Thursday, March 22, 2012 2:21 PM
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] More tsm encryption questions
They restored because the client had an encryption key, delete that, or
possibly the encryptiontype
] More tsm encryption questions
They restored because the client had an encryption key, delete that,
or possibly the encryptiontype line and you will be prompted for it.
As for testing to see if they ARE encrypted, i think the client may
say with a q backup (but not sure). The test I used
On Aug 1, 2011, at 10:59 PM, terrance wrote:
So What you mean is TSM server don't has its own encryption instead help by
the driver or client side encryption?
...
The Administrator's Guide for your given TSM release will describe encryption
opportunities available from the standpoint of the
1)Any prerequisite or condition require before the data been encrypted such as
according to my understanding, TSM is a storage manager server, so any driver
or software need to install or configure to enable the encryption method either
by client side or driver side?
2) According to the
I checked my TSM server with this command
q devclass Device name f=d
and it shows the Driver Encryption is set ON.
So I know that my TSM server is using AME method to encrypt the data
But any prerequisite and configure steps to achieve it?
How can I retrieve all the information about the what kind of encryption method
or type is using on my TSM server?
What I mean is how to check the backup data and store into a tape whether
encrypted or not?
Isn't it related to the default encrypted method AES 128 or alternative
encrypted method
TSM client encryption can be verified per IBM Technote 1303197.
Tape drive encryption is a hardware topic addressed by the documentation for
the particular drive model, as in recent 3592 model variants.
Richard Sims
Manager [ADSM-L@VM.MARIST.EDU] On Behalf Of Richard Sims
[r...@bu.edu]
Sent: Monday, August 01, 2011 8:10 PM
To: ADSM-L@VM.MARIST.EDU
Subject: Re: [ADSM-L] Verifying IBM TSM Encryption types
TSM client encryption can be verified per IBM Technote 1303197.
Tape drive encryption is a hardware topic
So What you mean is TSM server don't has its own encryption instead help by the
driver or client side encryption?
1) What i mean is that when data store inside the storage, any encryption step
will run in this stage before it backup into a tape?
2) Will it possible a TSM server using both
Looking for help...TSM 5.4.1.1 on WIndows2003 running the latest IBM tape
driver. The library and drives are at the latest firmware
as of about 2-weeks ago. The drives have application encryption enabled. This
was done through the CE interface on the back of the
drives. A query of the drive VPD
: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of
William Boyer
Sent: Wednesday, December 05, 2007 9:56 AM
To: ADSM-L@VM.MARIST.EDU
Subject: [ADSM-L] Anyone doing TSM Encryption on TS1120's in a 3494 tape
library??
Looking for help...TSM 5.4.1.1 on WIndows2003 running the latest IBM
tape
Of
Kelly Lipp
Sent: Monday, August 13, 2007 4:20 PM
To: ADSM-L@VM.MARIST.EDU
Subject: [ADSM-L] LTO4 and TSM Encryption of Storage Pool Volumes and DB
Backup Tapes
Folks,
I'm trying to plug the hole in the system here. With TSM V5.3.5.2 and
5.4.0.2 LTO4 drives and their encryption functionality can
Folks,
I'm trying to plug the hole in the system here. With TSM V5.3.5.2 and
5.4.0.2 LTO4 drives and their encryption functionality can finally be
exploited at the application level. Within TSM, we use device classes
to enable this. So I'm thinking one could have one device class
supporting
/solaris and tsm-Client 5.3.4.0 /linux.
On the Client we use tsm-encryption :
The 'nodename' Option is set in the dsm.sys and also the
'encryptkey save' OPtion is set and 'encryptiontype AES128' is also
set.
The inclexc-File contains a line like 'include.encrypt *'
So far anything runs
where TSM
client
stores its passwords). You should rename this file rather than delete
it,
in case you have problems and want to revert.
Alexei
---
Dear TSmers,
we have tsmserver 5.3.3.2 /solaris and tsm-Client 5.3.4.0 /linux.
On the Client we use tsm-encryption
/solaris and tsm-Client 5.3.4.0 /linux.
On the Client we use tsm-encryption :
The 'nodename' Option is set in the dsm.sys and also the
'encryptkey save' OPtion is set and 'encryptiontype AES128' is also
set.
The inclexc-File contains a line like 'include.encrypt *'
So far anything runs fine
). You should rename this file rather than delete it,
in case you have problems and want to revert.
Alexei
---
Dear TSmers,
we have tsmserver 5.3.3.2 /solaris and tsm-Client 5.3.4.0 /linux.
On the Client we use tsm-encryption :
The 'nodename' Option is set in the dsm.sys
delete it,
in case you have problems and want to revert.
Alexei
---
Dear TSmers,
we have tsmserver 5.3.3.2 /solaris and tsm-Client 5.3.4.0 /linux.
On the Client we use tsm-encryption :
The 'nodename' Option is set in the dsm.sys and also the
'encryptkey save' OPtion is set
Dear TSmers,
we have tsmserver 5.3.3.2 /solaris and tsm-Client 5.3.4.0 /linux.
On the Client we use tsm-encryption :
The 'nodename' Option is set in the dsm.sys and also the
'encryptkey save' OPtion is set and 'encryptiontype AES128' is also set.
The inclexc-File contains a line like
Unfortunately no, we have been searching and can not find in the HIPAA documentation
the level of encryption required, just that it is required.
David Jelinek
-Original Message-
I would recommend that you open a requirement against the product for
stronger encryption. By the
Does anyone know what level of encryption is done when using the INCLUDE
ENCRYPTION option in your dsm.opt file? Is it DES, triple DES or what?
Jim Sporer
[EMAIL PROTECTED]
Jim,
The TSM Backup/Archive client uses 56-bit DES encryption.
Thanks,
Jim Smith
TSM Development
Does anyone know what level of encryption is done when using the INCLUDE
ENCRYPTION option in your dsm.opt file? Is it DES, triple DES or what?
Jim Sporer
[EMAIL PROTECTED]
Jim,
Thanks for the info.
Jim Sporer
At 10:32 AM 9/26/2002 -0700, you wrote:
Jim,
The TSM Backup/Archive client uses 56-bit DES encryption.
Thanks,
Jim Smith
TSM Development
Does anyone know what level of encryption is done when using the INCLUDE
ENCRYPTION option in your dsm.opt file? Is
Hello Jim
Follow up question,
Can you ask if there is anyway for us to get clients that do stronger
encryption, eg tripledes? If not, are there plans in the future to offer
strong encryption? This relates to the HIPAA requirements that are coming.
Thanks again.
Jim Sporer
At 10:32 AM
Jim,
I would recommend that you open a requirement against the product for
stronger encryption. By the way, what are the HIPAA requirements as they
relate to data encryption? Are these well documented?
Thanks,
Jim Smith
TSM development
Hello Jim
Follow up question,
Can you ask if there
Hi everyone.
For those who don't remember this discussion a few months ago here is some
update.
A few months ago we had a chance to offer TSM to one of the largest company
here. Soon it became obvious that security where a large concern to them.
They asked a lot of Encryption questions witch we
Hi There,
Just wondering if anybody has written or knows of a step-by step guide to
implementing TSM encryption for backup and archive ??
As noticed by somebody else in this list the documentation for this
function in the manuals is extremely light.
Even a quick process outline by someone who
35 matches
Mail list logo