Written by W. Curtis Preston
Monday, 04 August 2008 04:00
I occasionally hear TSM customers and sales reps tell me that TSM's tape format is so proprietary that even a TSM server can't read it if it doesn't have the database for it. In other words, some people believe that TSM tapes don't need to be encrypted because if you someone got ahold of them, they couldn't read them without the TSM database. This is such a common belief that I have a TSM field manual from 2005 that says "There is no way to restore TSM backups (except for client backup sets) without the database." I would say that sentence would be correct if you added the phrase "in TSM" right after the phrase "TSM backups." I know of four different ways to read TSM tapes without using TSM at all. Click read more
to see what they are.
I'm not picking on TSM, here. Everybody else's tapes can be read without their catalog, too. It's just that I hear way too often
that TSM customers don't need encryption because you can't read TSM tapes without the database. So I wanted to set the record straight.
TSM's tape format is indeed proprietary. IBM doesn't publish the format and they often tout this as a feature, as I mentioned in the summary paragraph. That just means that someone would have to do some hard work to read it. Well, two commercial products and one open source product have done just that.
This is an e-discovery appliance. You can feed TSM, NBU, NW, ARCserve, & Backup Exec tapes to it, and it will read them. Not only will it allow you to restore data from those tapes, these appliances actually create a full text searchable index of the content of the tapes. This would allow you to perform a search against the contents of the tape that says something like "show me all files with this phrase in them."
This product is a disk targets for backups that performs deduplication. In order to do that, it actually deciphers the backups sent to it. In other words, it takes the backup stream and turns it back into the files that comprise that stream. It then compares those files for dedupe purposes. (They're also looking at adding full text search.)
This is an open-source product that can perform file-based restores from a TSM tape without using TSM at all.
IBM has a service
for "salvaging" data off TSM tapes whose database entries are gone. They don't guarantee success, but the mere fact that they CAN demonstrates finally that TSM tapes can be read without the database.
Translation: if you don't want them to be read, use encryption.