Rainer, Your data is always encrypted with the key generated from the password that you enter, regardless of the hostname. The hostname is only used to store the password locally. For example,
1) Let's say the hostname is 'mercury' 2) You run your first backup and are prompted for encryption key password. Let's say you enter 'secret' 3) The string 'secret' is encrypted with 'mercury' and is stored in TSM.PWD 4) The data are encrypted with 'secret'. 5) On the next backup, the stored password is retrieved from TSM.PWD and decrypted with 'mercury', and 'secret' is used for data backup. 6) Let's say you change the hostname to 'venus' and delete/rename existing TSM.PWD 7) TSM prompts you for encryption key password and you enter 'secret' again. 8) 'secret' is encrypted with 'venus' and is stored in TSM.PWD (note, TSM.PWD will binary differ from the one from step 3, because the key, which is dependent on hostname, is different) 9) The data are encrypted with 'secret' (the same as in step 4, regardless of hostname). 10) On the next backup, stored password is decrypted with 'venus', and the same password 'secret' is used for backup. So you shouldn't worry about validity of your old backups as long as you use the same encryption password and you deleted/renamed TSM.PWD when changing the hostname. The problems come when someone changes the hostname bud does not delete TSM.PWD. In the example above, a backup following the hostname change will try to decrypt stored password with 'venus' and will get an incorrect result (because 'secret' was originally encrypted with 'mercury'!), so the new backups will be using some garbage encryption key, and it would be really hard to restore the new data correctly if TSM.PWD is lost or if the restore happens on a different machine. Alexei "ADSM: Dist Stor Manager" <ADSM-L@VM.MARIST.EDU> wrote on 07/27/2006 06:31:17 AM: > Hi Alexei, > > thanks for your hint - now i come with a new question concerning the > 'restore' : > Because nothing changes other than the 'hostname' of that linux system ... > ... what about the data that has been backed up prior to the time > I rename the hostname and reenter the 'encryption key password' ? > > Because I stay with 'encryptkey save' what happens when (some time) > I may do a full restore of the '/home/' -Filespace ? > > Because this Filespace '/home/' has data backed up that is encrypted > with both encryption-key-usage of the old and the new 'hostname' > ( but always the same 'tsm-Nodename' ) > ... will I am able to restore(and decrypt) all of it ? > > ... i fear to go into problems - Or do I have to start backup again > from 'zero' - for example : > by renaming the filespace on the server > at the time changing the hostname ? > > Thanks again for any hints ! > -- that is something really confusing to me :-| > > Rainer > > > > Alexei Kojenov schrieb: > > > Rainer, > > > > You need to make TSM client prompt you for encryption key password on the > > next backup after you changed the hostname. The only way to do this is to > > rename/remove the existing TSM.PWD file (this is the file where TSM client > > stores its passwords). You should rename this file rather than delete it, > > in case you have problems and want to revert. > > > > Alexei > > > > ----------------------- > > > > Dear TSmers, > > > > we have tsmserver 5.3.3.2 /solaris and tsm-Client 5.3.4.0 /linux. > > > > On the Client we use tsm-encryption : > > The 'nodename' Option is set in the dsm.sys and also the > > 'encryptkey save' OPtion is set and 'encryptiontype AES128' is also set. > > The inclexc-File contains a line like 'include.encrypt *' > > So far anything runs fine :-) > > > > Problem: Next week we have to change the 'hostname' of that linux-server. > > The Question now is : - if any - what steps are to be done at the > > tsm-Client ? > > ... and even at the tsm-server ? > > The (tsm)nodename won't be changed. > > Do I need the TSM-Client in a manual way give once again the > > encryption-key password to let the encryption-key be generated ? > > Or is there nothing to be done at the Client ? > > > > I have looked throgh the lists and docs and havent't found any > > 'procedures' for that scenario - just pointers to dependancies on the > > system's hostname. > > > > Thanks in advance for any hints , recipe or links ... ! > > Rainer > > > > > > -- > > ------------------------------------------------------------------------ > > Rainer Wolf eMail: [EMAIL PROTECTED] > > kiz - Abt. Infrastruktur Tel/Fax: ++49 731 50-22482/22471 > > Universitaet Ulm wwweb: http://kiz.uni-ulm.de > > > > > > -- > ------------------------------------------------------------------------ > Rainer Wolf eMail: [EMAIL PROTECTED] > kiz - Abt. Infrastruktur Tel/Fax: ++49 731 50-22482/22471 > Universitaet Ulm wwweb: http://kiz.uni-ulm.de
