Paul, Did you find out a definitive answer on this? Initial searching shows that the crypto cards work on AIX, and are accessible through a standardized API that banks use. The card itself seems to be a dual PPC405e on card with a Linux service processor and DMA based communication back to the OS.
However, I could not find anything indicating that TSM could make use of this. A FITS/DCR through your account rep for TSM to support SSL acceleration through Crypto Coprocessor might be a good thing too. The Crypto cards state they support SSL acceleration, among other things. The alternatives (stunnel, client side encryption) are less than desirable compromises. With friendly regards, Josh-Daniel S. Davis ________________________________ From: Paul Zarnowski <p...@cornell.edu> To: ADSM-L@VM.MARIST.EDU Sent: Wed, September 8, 2010 9:49:09 AM Subject: [ADSM-L] SSL CPU I'm looking for recommendations & experiences on TSM SSL. There is interest from our security group here in enabling SSL for TSM sessions. Naturally, the easiest plan for the security folks would be to just enable it for everything. There is guidance in the IBM documentation to only use it where it is needed, and to consider adding server resources if you use it. I'm looking for something a little more quantifiable. Are there any rules of thumb out there that would be helpful? Also, does anyone know if encryption chips are available on p-Series servers that TSM SSL can make use of? Thanks in advance. ..Paul -- Paul Zarnowski Ph: 607-255-4757 Manager, Storage Services Fx: 607-255-8521 719 Rhodes Hall, Ithaca, NY 14853-3801 Em: p...@cornell.edu
