Backup Central

Can one detect from the TSM server whether client-level encryption is set on or off for each backup node? Inquiring security admins want to know.

With my thanks and best wishes,
Keith Arbogast
Indiana University =

Keith,

This is not something that the TSM admin controls, and it is not enabled by node. The only way I know of to detect encrypted files is from the client-side DSMC CLI. E.g., dsmc query backup .... -detail, should show you which files are encrypted and using what encryption algorithm. I do not think this will show you how the encryption keys are managed, however.

Note that if a file is backed up unencrypted, adding an "include.encrypt" rule to encrypt it does not automatically cause that file to be backed up again using encryption. The addition of the encryption include is not recognized by TSM as a reason to backup the file. We have had more than one user surprised by this.

Paul Zarnowski
Cornell University

At 03:52 PM 2/8/2012, Keith Arbogast wrote:
Can one detect from the TSM server whether client-level encryption is set on or off for each backup node? Inquiring security admins want to know.

With my thanks and best wishes,
Keith Arbogast
Indiana University


--
Paul Zarnowski Ph: 607-255-4757
Manager, Storage Services Fx: 607-255-8521
719 Rhodes Hall, Ithaca, NY 14853-3801 Em: psz1 < at > cornell.edu

For TSM 5.5.6:
- encryption for files only from client:
dsmc query backup "<directory>/<file or sample with * and/or ??>" -detail -traceflags=query
- for TDP for Oracle on TSM Server:
Q ACTLOG OR=CLIENT NODE=<TDPO node> and check end of "backup/restore details ...." lines for "Encryption: AES_128BIT"
Good luck!

Grigori G. Solonovitch
Senior Technical Architect Ahli United Bank Kuwait www.ahliunited.com.kw

Please consider the environment before printing this E-mail


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L < at > VM.MARIST.EDU] On Behalf Of Keith Arbogast
Sent: 08 02 2012 11:52 PM
To: ADSM-L < at > VM.MARIST.EDU
Subject: [ADSM-L] Detect client-level encryption from the TSM server?

Can one detect from the TSM server whether client-level encryption is set on or off for each backup node? Inquiring security admins want to know.

With my thanks and best wishes,
Keith Arbogast
Indiana University

Please consider the environment before printing this Email.

CONFIDENTIALITY AND WAIVER: The information contained in this electronic mail message and any attachments hereto may be legally privileged and confidential. The information is intended only for the recipient(s) named in this message. If you are not the intended recipient you are notified that any use, disclosure, copying or distribution is prohibited. If you have received this in error please contact the sender and delete this message and any attachments from your computer system. We do not guarantee that this message or any attachment to it is secure or free from errors, computer viruses or other conditions that may damage or interfere with data, hardware or software.