Dear IBM/Tivoli: Transport Encryption

Dear IBM,

At SHARE a couple years ago you were presenting the new stuff going into Tivoli Storage Manager 5.3. A number of us ganged up on your staff afterwards and told you we need transport encryption. Not total encryption of our data, but just something like SSL so that we could move data on untrusted networks.

You asked why we couldn’t just encrypt all of the data, which is a feature you offer. We didn’t like that because there are a lot of other gotchas there. The biggest gotcha is when our customers forget their encryption key. Yeah, we know, they’re dumb, but it’s a real-world problem. When they forget their TSM node passwords we can just reset them. We can’t do that for the encryption key.

We talked, you listened, and you thought transport encryption, like SSL, was a swell idea.

It isn’t in TSM 5.3.

Could you add it? I still really need it, and I’m guessing that the ten other guys in the swarm after the presentation still need it, too.



2 thoughts on “Dear IBM/Tivoli: Transport Encryption”

  1. If you want them to actually have it go through approvals and project plannint, then you’ll have to call support or sales and request that they submit a FITS request.

    The Notes database is on D03DB004 -> m_dir -> FITS

  2. Though, you could use current patch level, ENABLECLIENTENCRYPTKEY YES and AUTHENTICATION NO . They recommend against this because the encryption key isn’t stored encrypted. The benefit is that you don’t need the TSM.PWD from passwordaccess generate in order to do the restore. It’s still STORED encrypted, but the key is stored in the TSM server database.

Comments are closed.