Does TSM client encrypt or decrypt the client data which is already been encrypted before taking backup ?


The Tivoli Storage Manager client makes no special provisions for data on a machine that has been previously encrypted, such as from third party vendor programs or NTFS EFS. From the perspective of Tivoli Storage Manager there is no difference between the encrypted data and plain text. Tivoli Storage Manager will take the data as it exists and store it in Tivoli Storage Manager Server storage. Tivoli Storage Manager makes no attempts to decrypt the data prior to storing it in the Tivoli Storage Manager server. 

Then when it is restored, Tivoli Storage Manager puts the data back as it was on the disk. If that was previously encrypted, then the third party program will be needed to decrypt that and bring it back to it's plain format.

Also Read: Limitations of using TSM Tape Drive Encryption

Starting with the Tivoli Storage Manager V5.5 Client, the EFSDECRYPT parameter was introduced for AIX Client's only. This can allow the client to decrypt JFS2 encrypted files to plain format before having them stored into the Tivoli Storage Manager Server. The default is EFSDecrypt=NO to not decrypt the files. 

Efsdecrypt option

The efsdecrypt option allows you to control whether or not files encrypted by an AIX Encrypted File System (EFS) are read in encrypted or decrypted format. The efsdecrypt option default is no, which is to back up the encrypted or raw data. If you specify yes, the files are backed up as clear text, which means that they are backed up as normal files, as if the files existed in unencrypted form on the file system.

Another important point to remember if you want to use this options for your backups. Whenever you run a backup that includes any files encrypted on an EFS, you must ensure that you use the correct specification of the efsdecrypt option. If the efsdecrypt option value changes between two incremental backups, all encrypted files on EFS file systems are backed up again, even if they have not changed since the last backup. For example, if you are running an incremental backup of encrypted files that were previously backed up as "raw," then ensure that efsdecrypt is specified as no. If you change efsdecrypt to yes, all the files are backed up again in clear text even if they are unchanged, so ensure that you use this option carefully.

efsdecrypt syntax

                                     .-No--.   
>>-EFSDecrypt-------+-----+-----------------------------------------><
                                    '-Yes-' 

Suppose if the Tivoli Storage Manager client configuration is setup to encrypt it's own data stream to the Tivoli Storage Manager server. In this case Tivoli Storage Manager will take the data as it exists on the client and encrypt it and store it in the Tivoli Storage Manager server in it's own encrypted format. This means that if the data has been previously encrypted, Tivoli Storage Manager will encrypt the data again using it's own encryption method, and store this in the server. Then when it is restored, Tivoli Storage Manager decrypts the data back to it's original form as it was on the disk. If that was previously encrypted, then the third party program will be needed to decrypt that and bring it back to it's plain format. 

Also Read: Different types of libraries supported by IBM Spectrum Protect (TSM)




What Others are Reading Now...

0 Comment to "Does TSM client encrypt or decrypt the client data which is already been encrypted before taking backup ?"

Post a Comment