Brian Westerman wrote:
>….The advent of VTS systems made all of those problems ( which are
>real and happen all the time), dissolve, and you would be creating
>them all over again.

Radoslaw Skorupka wrote:
>Now the advantage, which can be considered HUGE: tapes can be moved.
>Easily moved. Single case may contain ~500TB of uncompressed data,
>~1.5PB compressed (before encryption). Regular passenger car can move
>multiple petabytes of data, secured with encryption. It is low profile,
>it can be hidden, moved to a vault, the place can be changed anytime, no
>infrastructure is needed, just closed room, etc.
>Maybe it sounds ridiculous, but it is not, when a war is just abroad.
>And yes, we have no war in Poland, but many organisations implemented
>such tape vault. Where? Usually the address is known for very few
>employees. However I'm pretty sure it is on the West, many times abroad.
>An address or addresses.

FWIW I’m sympathetic to both sets of arguments. Fortunately there are lots of 
storage options — including “small” physical tape options (Feature Code 5995!) 
— to address a wide range of concerns. “One size does not fit all.”

Not long ago I worked with a customer in a developing country that incorporated 
physical tape in their storage architecture because it makes sense for them. I 
informally dubbed their data backup/vaulting process "ScooterNet." Because 
that’s what they do, or are supposed to do anyway: backup their data at least 
once per day to encrypted tape (2 copies/2 sets of cartridges), load each tape 
set in the backpack of a scooter driver (with staggered appointments), and then 
one scooter driver rides to their alternate data center and the other rides to 
a data-only vault at a third site. With periodic checks to make sure the tapes 
are received, logged, and readable. Loop, repeat. It’s the most effective and 
discrete way to move lots of data in their operating environment. I’ve also 
worked with another customer in a developed country that currently doesn’t use 
any physical tape, but they have a third “data only” site with periodic IBM 
SafeGuarded Copies taken there. In the unlikely event they lose both their 
“full” data centers they’ll be offline for a while, but at least they’ll have a 
backup. In their environment and for their customers it all makes perfect sense 
because they have relatively small amounts of “lively” data that must be 
extremely well protected. Ongoing data access is reasonably important, but data 
integrity and preservation are much more important for them. So a “2-and-a-half 
site” approach is a good fit. And I can think of a third customer that couldn’t 
afford really anything except a remote physical tape library with WORM tape. If 
(when?) they lose their primary data center they’d be in a world of hurt. But 
at least they’d have a backup, and several days later (after scrambling to find 
an emergency server, etc.) they’d start to come back online. That might be 
called a “1-and-a-half site” approach. Not great, but at least it’s better than 
1.

In all these cases data immutability is important. That is, they don’t want any 
malware or other rogue act to destroy or tamper with their backup data. There 
are several options to render data immutable (albeit still destructible if 
you’re nefarious and get access to the physical storage media):


  1.  Writing to a tape cartridge, then physically disconnecting that tape 
cartridge (ejecting it) and storing it somewhere safe.
  2.  Writing to a WORM tape cartridge, optionally ejected.
  3.  Writing to Logical WORM virtual tape storage, a feature provided with the 
IBM TS7700 virtual tape libraries.
  4.  Writing to IBM DS8000 enterprise storage, then taking an IBM SafeGuarded 
Copy of those volumes.
  5.  Writing to cloud object storage that is technically rendered immutable in 
some reasonable way(s). IBM Z, IBM DS8000, and IBM TS7700 all support cloud 
object storage “backends” when suitably configured. Note that “cloud” can mean 
private cloud (on-premises), public commercial cloud, or some combination.

In all these cases you’d presumably maintain at least 2 copies in 2 physically 
separate locations to mitigate the risk of single site destruction. See the “2 
scooter method” above as one example. Storage devices may or may not be 
physically located near the servers they serve. In all these cases — especially 
(but not only) the physical tape cartridge cases since tape cartridges are 
expressly designed to walk — strong encryption on the storage media is 
important. And that means protecting private encryption keys, of course.

—————
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity
IBM Z/LinuxONE, Asia-Pacific
sipp...@sg.ibm.com


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to