the 5 pillars of tape management
DESCRIPTION
Computer backup tapes were once seen as a consumable that could be ordered, used and discarded with little consideration for the chain of information custody. Today tapes are more robust and reliable and must be managed as a company asset.This document outlines 5 critical considerations for managing computer backups along with proposed internal standards and Key Performance Indicators (KPIs) that can be used to measure tape management effectiveness.TRANSCRIPT
The 5 Pillars of Tape Management
GazillaByte LLC
August 2012
ABSTRACT:
Computer backup tapes have played a critical role in the information processing
landscape since the early 1970s.
Over this time tape technology has continued to develop in parallel with disk technology
and has maintained its inherent advantage as the media best suited for long term
backup and archiving.
The management of tape is a highly specialized sub-discipline of Information
Management and if not done adequately can have significant negative consequences.
This document will outline the 5 critical considerations of tape management.
Introduction
Tape plays a critical part in the day to day operations of most medium to large
enterprises around the world.
While High Availability (HA) technologies such as redundant disk (RAID) and real-time
replication have significantly reduced the chances of a catastrophic data loss, they are
not well suited to protecting against data corruption or deletion.
As we approach the era of “Big Data” tape remains perfectly placed as the optimal 1st
tier backup mechanism and 2nd tier archival mechanism.
Although tape plays a critical role within the enterprise it is often overlooked when it
comes to the implementation of management systems. These management systems are
essential in ensuring the inherent challenges associated with managing offline data are
continually met.
The challenges of managing tapes can be viewed as 5 discrete yet related functions.
These functions form the 5 Pillars of Tape Management.
While the challenges of tape management may change in complexity and magnitude as
the number of tapes increases these 5 Pillars of Tape Management remain constant.
Conceptually, each of the 5 Pillars answers a fundamental question about the overall
management of a tape library.
Pillar Question
Asset Management What do we have? Chain of Custody Who has been in touch with it? Library Management Where does it go? Disaster Recovery Are we in a position to recover? Quality Control How are we doing?
Asset Management
Computer backup tapes were once considered a consumable, which could be ordered,
interchangeably used and thrown away with little to no special consideration.
Today, however, as tapes have increased in storage capacity and reliability they can no
longer be considered as a consumable, today, each tape volume is very much an
individual asset of the enterprise.
This can be demonstrated by the fact that, while many enterprises lease almost all
other critical technologies such as mainframes, software, servers and laptops, they
continue to own their tapes.
With a modern tape holding terabyte of information, irrespective of the number of tapes
an enterprise owns, it is essential that every single tape be uniquely identified and that
these tapes be considered a fixed asset of the organization.
When implementing a tape management framework, it is essential that a
comprehensive and robust set standards be developed and that these standards are
related to a corresponding set of Key Performance Indications (KPI’s).
Asset Management Standards
Every tape must be added to the asset management system at the point that it is
ordered.
Every tape must have a unique volume serial number and that where possible
that volume serial number is tied to the manufacturer’s serial number or CM
Chip.
That where multiple tape ownership exists within the asset management system
that the ownership of the tape is recorded.
Every tape should have a single fixed visual label attached. This label should
remain constant for the life of the tape and should be attached to the tape itself
and never the tape case.
That all stake holders in the tape management chain should know each tape as
the same single volume serial number.
Where possible the asset management system should be connected to all tape
management systems within the enterprise.
Asset Management KPIs
Number of tape volumes not in the asset management system.
Number of tapes with duplicate primary identifiers.
Number of tapes with more than one identifier.
Number of active tapes not electronically synchronized between the asset
management system and distributed tape management systems for more than
one day.
Number of active tapes existing in distributed tape management systems but not
in the asset management system, or the other way around.
Chain of Custody
Knowing who has handled a tape and when it was handled has always been considered
good practice, but in recent years corporate governance, privacy, information handling
and critical infrastructure laws have been introduced1 in many jurisdictions. It is
expected than further laws will be passed in the future.
In addition to this, over the past decade Common Law precedents have been
established that specifically acknowledge the importance of retaining a constant chain
of custody within tape management2.
In developing a standard for chain of custody it is critical that the standard incorporates
all stakeholders in the tape management lifecycle and that no change in custody goes
unrecorded.
1 HIPPA (USA), Sarbanes-Oxley (USA), Data Protection Act (UK)
2 Linnen V Robins (http://cyber.law.harvard.edu/digitaldiscovery/digdisc_library_9.html)
All enterprises should also consider locking the chain of custody database so that it
cannot be manipulated from outside the asset management software. It is highly
recommended that the following enterprises require that the chain of custody record
cannot be retrospectively modified:
Enterprises which operate under Freedom of Information laws such as policing.
Enterprises with a high security requirement such as defense and intelligence.
Enterprises with a high chance of litigation such as healthcare and
pharmaceutical.
Enterprises with a high degree of regulation such as transport and financial
services.
Enterprises under strict Corporate Governance laws such as publically listed
corporations.
Chain of Custody Standards
That every change in physical location of a tape be recorded.
That any data which influences the location of a tape, such an expiry or move
date be recorded and that any change to this data also is recorded.
That changes to a chain of custody record can only occur through the asset
management software and that where third party modifications are required that
this can only occur though an Application Programming Interface (API) call.
That for a change in the chain of custody to occur a user must be authenticated
and securely logged on.
That the User-ID, date, time, location and interface of the updating user be
recorded for each update that changes the location or may influence the location
of a tape in the future.
That chain of custody events exist for acquisition, usage, movement,
decommissioning and destruction of each tape volume.
That regular automated audits are run comparing known information and looking
for discrepancies within the chain of custody.
Chain of Custody KPI’s
Number of chain of custody events being captured per stakeholder.
Number of atypical chain of custody events recognized and recorded.
Number of individual audit failures.
Number of chain of custody changes that occur outside the asset management
system (when allowed).
Library Management
As tape libraries grow, it becomes increasingly costly to store all tape volumes in
robotically controlled devices. It may also be undesirable to store tapes which are
critical or subject to litigation within an environment where they could potentially be
overwritten.
Having a Library Management standard in place will ensure that tapes can be easily and
reliably located should they be required.
Conceptually, two Library Management methodologies exist today:
1. Arbitrary Library Management: this is where the tape librarian puts a tape in a
specific location and records the location within the tape management database.
2. Allocation Library Management: this is where the system assigns a location for a
tape to be stored and the tape librarian confirms with the system that the tape
has been placed in that location.
Each of these two methodologies have advantages and disadvantages, with the former
requiring a less complex tape management system and a higher dependency on
process and the latter requiring a more capable tape management system that provides
instructions and confirmation of compliance.
Library Management Standards
That the system records the current location of a tape, and in the event that it is
moving, also the target location.
That the system records the location of a tape down to an individual single tape
slot.
That a barcode or RFID reader confirms the storage of each tape.
That the slotting design avoids large numbers that can be forgotten or confused
during tape handling.
Library Management KPIs
Number of tapes found to be in the wrong location.
Number of tapes which can be accurately picked and pulled per minute.
Time spent in double handling tapes.
Regularity of physical audits.
Time spent in correcting errors found during physical audits.
Number of tapes considered permanently lost
Number of tapes that cannot be located but are not considered permanently lost.
Disaster Recovery
As computer hardware and associated infrastructure have evolved High Availability
subsystems have considerably reduced the probability of a disastrous situation
occurring. It however remains prudent that all enterprises retain a high degree of
Disaster Recovery readiness.
A comprehensive Disaster Recovery Plan should at the very minimum address the risk
of data corruption of loss caused by:
1. Accidental or malicious actions of staff.
2. Programmatic data corruption.
3. Failure of storage and replication sub-systems.
4. Virus, Denial of Service (DoS) and other system shutdown caused by security
compromise.
5. Hardware and storage asset confiscation by law enforcement agencies under
court order.
Disaster Recovery Standards
Identify all significant perceivable risks to the continuation of information
systems.
Develop a disaster recovery plan that takes into account the worst case
scenario while avoiding optimistic projections of favorable outcomes.
Develop a disaster recovery plan which includes an option to restore from
scratch (a Bare Metal Restore option).
Pre-identify all tapes that would be required to restore each and all systems,
including key catalog backups.
Set a realistic recovery time objective and recovery point objective.
Test the plan regularly using staff who are unfamiliar with the process
(excluding staff who are familiar with, or who have been involved with the
creation of the Disaster Recovery Plan) to ensure that they can follow the
documented recovery plan.
Perform both planned and snap disaster recovery tests.
Disaster Recovery KPIs
Recovery Point Time.
Disaster Recovery Test regularity.
Diversity of staff able to follow the Disaster Recovery Plan.
Number of times the most recent recovery point is not available for restore.
Number of recovery point that would be available should they be required.
Quality Control
The most critical component of any management framework is its ability to constantly
measure its effectiveness with a goal of constantly improving each process and
ensuring that there is no degradation in the overall quality of solution.
When managing a tape library there are many indicators that can be used calculate the
overall library health.
Quality Control Standards
The Quality Control mechanisms should provide an overall library score based on
real-time information.
Quality Control scores should be recorded over time to produce a historical
record of process performance and to visually demonstrate process
improvement.
The Quality Control mechanism should provide a diagnosis along with clear
instructions on how to cure all identified problems.
Quality Control KPIs
Days since last library synchronization.
Existence of offsite tapes.
Days since last offsite.
Existence of pre-identified lists of critical tapes which need to be offsite
Days since the last list of pre-identified tapes was produced.
Number of predefined lists which have one or more tapes not offsite.
Number of reconciliation errors.
Number of tapes with low quality scores.
About GazillaByte
GazillaByte LLC is based in Colorado USA where it develops and supports its flagship
TapeTrack tape management software.
Today TapeTrack is used by over 4000 enterprises around the world. These companies
range from the top of the Fortune 500 through to newly created technology companies
that you are yet to hear of.
To learn more about TapeTrack, visit the product website at www.tapetrack.com, or call
GazillaByte LLC on +1-720-583-8880 to organize a free 90 day no obligation trial of our
unique technology.