You can turn on compression in the TSM clients (at TSM 5.3 clients you can use AES128 encryption, and with the TSM 5.3 server you can turn on encryption for TDP clients). But you must be VERY VERY CAREFUL with key management; if you lose the keys, you're toast and will NEVER get the data back. TSM client encryption is VERY easy to implement. Key management is hard.
Or, you can do the encryption in hardware: You can put encryption devices in your network, so that all the data is encrypted BEFORE it reaches the TSM server. Or you can put an encrytpion device between your TSM server and your tape drives. Hardware is probably more expensive to implement, but IMHO easier to manage since your encryption occurs at ONE point. Those are your choices. All are difficult, expensive (in terms of people time or $ or both), and ugly to manage. Wanda Prather "I/O, I/O, It's all about I/O" -(me) -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Murray, Jim Sent: Friday, January 13, 2006 8:30 AM To: ADSM-L@VM.MARIST.EDU Subject: Re: tape encryption and TSM I would be more interested in the answer not so much as recovery of data but in securing data. Being a financial institution we have regulatory requirements for data protection, new State laws say I must encrypt all data on tape that is moved off site. Jim Murray Senior Systems Engineer Liberty Bank 860.638.2919 [EMAIL PROTECTED] ~~~~~~ _/) ~~~~~~~~~~ -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Becar Sent: Thursday, January 12, 2006 8:00 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: tape encryption and TSM Unless you are willing to spen $500 an hour and send your tapes to Dallas, at a rate of I believe it was 8MB an hour they can rebuild your database. Then you can get data off your tape. So, yea it is pretty difficult. Just don't loose your encryption keys! Then you should be okay! Wish I had a better answer! >>> [EMAIL PROTECTED] 1/12/2006 2:24:58 PM >>> I know the topic of reading tapes written by TSM without having the DB has come up before, but I'm wondering if anything has changed from a couple of years ago with the implementation of 5.3 so here are a few questions. How hard is it to read tapes without the TSM database tape? Is there any tape encryption with TSM 5.3? Besides encrypting data from the client to the server is there anything else that can be done? What type of hit does encryption take on the client/server when in use? Thanks, Geoff Gill TSM Administrator SAIC M/S-G1b (858)826-4062 Email: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] ________________________________________________ Unless you have received this email through the Liberty bank secure email system, before you respond, please consider that any unencrypted e-mail that is sent to us is not secure. If you send regular e-mail to Liberty Bank, please do not include any private or confidential information such as social security numbers, unlisted telephone numbers, bank account numbers, personal income information, user names, passwords, etc. If you need to provide us with such information, please telephone us at (888)570-0773 during business hours or write to us at 315 Main St. Middletown, CT 06457. The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited and may be unlawful. If you received this in error, please contact the sender and delete the material from any computer without disclosing it. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the Bank. Thank you. ________________________________________________
