Depends on your goal for encryption. If you need it for encrypting during
transport ( or maybe use SSL ), encrypted data at rest on your storage, data
is encrypted on the tapes going offsite,... Yeah the key is in the TSM DB,
but your need to restore/rebuild TSM to be able to get it. Just dumping o
>>I'm struggling to see what use generate is, What't the point of encrypting
>>the data when the key is handed out whenever a restore is performed?
Well, it prevents anybody who doesn't have access to the console of that
machine from restoring the data, esp. to a different machine.
If you don't
Well, there you go. you're spot on there Bill!
I'm struggling to see what use generate is, What't the point of encrypting
the data when the key is handed out whenever a restore is performed?
That must be why I've only ever used "encryptkey save" in the past.
On 22 March 2012 19:57, Bill Boyer
With the ENCRYPTKEY GENERATE specified the client creates the key at the
beginning of the backup and that key is kept with the data stream stored on
the TSM server. When you restore this the key in the data stream is used. I
believe they also refer to this as transparent encryption.
The include.en
They restored because the client had an encryption key, delete that, or
possibly the encryptiontype line and you will be prompted for it.
As for testing to see if they ARE encrypted, i think the client may say
with a q backup (but not sure). The test I used was to try a restore after
I had remove
