Data Protection and Legal Archiving Protecting your most valuable assets

Transcription

1 Data Protection and Legal Archiving Protecting your most valuable assets Dr Axel Koester Senior Consultant, Enterprise Storage Luxembourg Storage Seminar,

2 IBM Storage Strategy Infrastructure Simplification Lower the complexity / consolidate Planning reliability Business Continuity Security, Availability Adapt redundancy level to business value Information Lifecycle Management Data Lifecycle Management, Expiration Regulatory Compliance 2

3 Legal Archiving News New European Guideline MiFID (Markets in Financial Instruments Directive) released in order to increase investor protection. Calls for transparence in financial service costs, especially commissions. Enforcement relies on auditable document management processes Accenture forecasts 1.2 Billion additional costs for the European Banking Business. Sun forecasts 12 Billion. 3

4 Legal Archiving Driving Forces: Cost & Risk COST RISK Storage People Reproduce liability data Not expose sensitive data Purchase* Administration EU+US laws Delete asap Maintenance Licenses kwh/cooling Resource planning Restore relevant data quickly after disasters 4

5 A Closer Look (1) COST RISK Storage People Reproduce liability data Not expose sensitive data Purchase* Administration EU+US laws Delete asap Maintenance Licenses kwh/cooling Resource planning Restore relevant data quickly after disasters 5

6 The Right Media for Legal Archiving There is no "forever digital media" Best long-term strategy is a media-independent archive ("evolving migration") Archiving on disks is not cheap in TCO terms Content addressed-storage was a nice idea, but 6

7 Media Purchase costs (IDC statistics) SATA disks seem cheap? Tape remains cheapest at a distance: $100,00 $/GB (Log scale) $10,00 $1,00 "Industry" Disk SATA Disk Tape $0,10 Source: IDC, IBM (tape)

8 Price Drop in Tape Media will (likely) outpace Disks: 8 TB per cartridge announced May 16th, 2006 Magnetic force microscope images 8 TB tape vs. LTO-3 More than 15 times the data density of today's most sold LTO generation 3 New technique used in IBM's Jaguar tape drives TS1120 Shingle technique Write wide, read narrow 1,5 µm track 15 µm track The demonstration was performed at product-level tape speeds (4 meter/sec) 8

9 8 TB per cartridge LTO and human hair DATA SERVO 9

10 Future Tape Materials Pre-structured Nanopattern 100 TB Tape IBM Almaden Research Center 2005 Reactive Ion Etching chip technology Expected price range 0.05 $/GB 100 TB capacity at 0.5 µm on standard ½ inch cassette Scale manufacture technically feasible in ~ 4 years 10

11 TCO: Backup to Disk versus Backup to Disk & Tape COST RISK Storage People Reproduce liability data Not expose sensitive data Purchase* Administration EU+US laws Delete asap Maintenance Licenses kwh/cooling Resource planning Restore relevant data quickly after disasters 11

12 Backup to Disk / to Tape IT shop example 10 TB online, 40 TB on archive disks 10 TB online, 10 TB on archive disks 30 TB on archive tape $8 / $3 per GB $8 / $3 / $0.4 per GB $ online $ archive $ $ online $ disk archive $ tape archive $ energy costs: ~double 12

13 Content-addressed Storage (CAS) Limits Uses a hash algorithm to generate a unique key per document Identical documents are stored only once Document management software memorizes the hash keys Breaking News MD5 algorithm as used in EMC Centera has hit performance scalability limits rumors about EMC redeveloping a CAS product are floating. (Byte and Switch, May1 2007) Implication: Forget all previous MD5 keys; re-generate new keys for new CAS. Looks like a 100% data migration. 13

14 "Media-independent" Archive Archive migrates smoothly from technology to technology Transparent for Document Management layer Tivoli Storage Manager Can hold archives on several media types at the same time Typically cache disks and 2-3 tape generations Media migration is daily business IBM Data Retention Archive naturally builds on TSM SSAM (System Storage Archive Manager) 14

15 A Closer Look (2) COST RISK Storage People Reproduce liability data Not expose sensitive data Purchase* Administration EU+US laws Delete asap Maintenance Licenses kwh/cooling Resource planning Restore relevant data quickly after disasters 15

16 Minimize Administration Effort for Legal Archiving IBM Data Retention Archive can re-use existing assets from the enterprise backup/archive architecture Libraries Tapes and leverage staff know-how TSM management Encryption Key management 16

17 A Closer Look (3) COST RISK Storage People Reproduce liability data Not expose sensitive data Purchase* Administration EU+US laws Delete asap Maintenance Licenses kwh/cooling Resource planning Restore relevant data quickly after disasters 17

18 Retention and Deletion Policies Time-based: Retain a document (file) for x years, then delete it Disallow modifications during retention period Event-based: Retain a document until the safekeeping reason expires E.g. retain HR documents until the person retires/leaves, plus one year 18

19 Retention and Deletion Policies Time-based: Retain a document (file) for x years, then delete it Disallow modifications during retention period Many retention systems offer only this Event-based: Retain a document until the safekeeping reason expires E.g. retain HR documents until the person retires/leaves, plus one year 19

20 Retention and Deletion with Triggers / Events Creation Deletion Retain for n years then delete Deletion Retain for n years after employee leaves Hold deletion if event occurs Trigger: "Employee retires" Event: Audit time 20

21 Event-enabled Retention System DR550 certified Regulatory compliant Entry-level Midrange Enterprise Event triggers Disk tier (young data) Tape tier (aged data) DR550 Express DR550 DR550+tape Entry-level Midrange Enterprise 21

22 Broad range of certified software solutions certified Regulatory compliant and obviously: 22

23 New for DR550 V3.5 (Available since January 26) Data shredding to overwrite expired objects 1 to 10 shreds XXXXXXXXXXX Information File Tape encryption key management support DR550 now manages crypto keys TS1120 with data encryption Call home and remote support incl. DS

24 New for DR550 V4.0 (Announced April 24, GA June 8) DR550 File System Gateway NFS and CIFS network file access to the DR550 Business Application Business Application Content Management Software Content Management Software SSAM Client NFS / CIFS client IP IP network network NEW! File System Gateway IBM System Storage Archive Manager Server Optional Tape Devices IBM System Storage DR550 24

25 2007: Extended Archive and Retention Portfolio DR550 To retain data for long periods and leverage tape Solution that offers lowest TCO N Series with SnapLock Same storage for both production and archive Overwrite / modify protection for n years Grid Access Manager or Grid Medical Archive Fixed content archiving solution across multiple sites, especially within healthcare 25

26 Functional Comparison of Archive Solutions Function DR550 GAM / GMAS N Series with SnapLock Integrated support for tiered storage solution (disk to tape single storage pool) Disk and Tape Nodes Disk only Integrated HSM No Multi-site capabilities No No Integrated backup/recovery Local encryption (Via Decru) Retention Management Features Management at file-object-level granularity Non-rewriteable and non-erasable files/objects Automated data migration No Chronological retention Event-based retention Via SSAM/TSM No Default retention periods Deletion hold/release (override for quarantine) Via SSAM/TSM No Auto-delete on expiration option Via SSAM/TSM No Remote mirror Dual Write No Hardware upgradeability Modular add Limited Mech replace Data shredding Via SSAM/TSM (volume level) 26

27 Disclaimers No part of this document may be reproduced or transmitted in any form without written permission from IBM Corporation. Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. This information could include technical inaccuracies or typographical errors. IBM may make improvements and/or changes in the product(s) and/or program(s) at any time without notice. Any statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. The performance data contained herein was obtained in a controlled, isolated environment. Actual results that may be obtained in other operating environments may vary significantly. While IBM has reviewed each item for accuracy in a specific situation, there is no guarantee that the same or similar results will be obtained elsewhere. Customer experiences described herein are based upon information and opinions provided by the customer. The same results may not be obtained by every user. Reference in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Any reference to an IBM Program Product in this document is not intended to state or imply that only that program product may be used. Any functionally equivalent program, that does not infringe IBM's intellectual property rights, may be used instead. It is the user's responsibility to evaluate and verify the operation on any non-ibm product, program or service. THE INFORMATION PROVIDED IN THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IBM EXPRESSLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR INFRINGEMENT. IBM shall have no responsibility to update this information. IBM products are warranted according to the terms and conditions of the agreements (e.g. IBM Customer Agreement, Statement of Limited Warranty, International Program License Agreement, etc.) under which they are provided. IBM is not responsible for the performance or interoperability of any non-ibm products discussed herein. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. The providing of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents or copyrights. Inquiries regarding patent or copyright licenses should be made, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY USA 27

28 Trademarks The following terms are trademarks or registered trademarks of the IBM Corporation in either the United States, other countries or both. AIX AIX 5L BladeCenter Chipkill DB2 DB2 Universal Database DFSMSdss DFSMShsm DFSMSrmm Domino e-business logo Enterprise Storage Server ESCON eserver FICON FlashCopy GDPS Geographically Dispersed Parallel Sysplex HiperSockets i5/os IBM IBM eserver IBM logo iseries Lotus Linear Tape-Open, LTO, LTO Logo, Ultrium logo, Ultrium 2 Logo and Ultrium 3 logo are trademarks in the United States and other countries of Certance, Hewlett- Packard, and IBM. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States and/or other countries. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States and/or other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States and other countries. Other company, product, or service names may be trademarks or service marks of others. ON (button device) On demand business OnForever OpenPower OS/390 OS/400 Parallel Sysplex POWER POWER5 Predictive Failure Analysis pseries S/390 Seascape ServerProven System z9 System p5 System Storage Tivoli TotalStorage TotalStorage Proven TPF Virtualization Engine X-Architecture xseries z/os z/vm zseries 28

29 29