IBM Spectrum Virtualize Safeguarded Copy


Several months ago I was asked by a local organization here if I could recover files from a system that had been encrypted by a ransomware attack.  After looking at the hard drive in the system and doing some research, I told the organization that I could not.   It did not have a backup of the files, at least not a recent one.  The most critical  data loss for this organization was financial records.   It took a few months and a lot of work to recover most of the missing records.     Had the organization done something as simple as periodically plug in a USB drive, run a backup and then remove the drive, that would have saved them a lot of work.   The USB drive is somewhat of an immutable copy of the data, at least as long as it is not plugged into the computer while the computer is still infected.   However, a USB-attached drive doesn't really scale well  at the enterprise level, and it is not a true immutable copy, since if it is plugged back into a computer that is infected, it will be encrypted also.  

The answer for cyber attacks and other problems is IBM Safeguarded Copy.  Safeguarded Copy creates a copy of the production data that cannot be accessed directly by a host.  The copy is immutable - hosts or applications can't read from or write to the copy once it is created. This prevents ransomware from attacking past copies of data.

Here are some uses cases for Safeguarded Copy, in addition to creating immutable copies of the data:

  • Data Validation - regularly test the copy to ensure it is good data without affecting the production data
  • Data extraction - extract only the data that is needed from the copy to restore back to production rather than restoring an entire volume
  • Offline backup - back up the copy to tape or other medium to create a greater retention period or meet any regulatory requirements.
  • Catastrophe - restore an entire environment if the Safeguarded copy is the only option
  Safeguarded Copy also allows for separation of duties.  The same person that creates a Safeguarded copy cannot modify the copy once it is created.  This prevents malicious insider threats.  The Safeguarded Copy feature has 3 roles:

  • The administrator can create Safeguarded Copies and Policies but cannot delete existing copies or damage them
  • The superuser can remove copies or the backup location (a pool) but this account can be disabled for security.  It can be re-enabled by IBM Remote Support
  • The Security  Administrator can managed users, security and remove a Safeguarded Copy or a pool
If you are concerned with security, you could disable the superuser account and not define a Security Administrator role.  This would effectively prevent deletion of Safeguarded Copies.  However for advanced maintenance tasks the Superuser would need to be re-enabled.  

Safeguarded Copies are immutable because they can't be mapped to a host.  They use existing FlashCopy technology and are (or can be) automatically created on a pre-defined schedule.   They are stored in a pool separate from all other volumes.    IBM Copy Services Manager is used to manage the Safeguarded Copy process and restoring data to a host.  You can find a great video here:

See this IBM Redbook for a guide on implementing Safeguarded Copy in your environment:


Popular posts from this blog

Troubleshooting Slow Drain Devices on Broadcom Switches

Spectrum Virtualize NPIV and Host Connectivity