IBM Spectrum Virtualize Safeguarded Copy

 


Several months ago I was asked by a local organization here if I could recover files from a system that had been encrypted by a ransomware attack.  After looking at the hard drive in the system and doing some research, I told the organization that I could not.   It did not have a backup of the files, at least not a recent one.  The most critical  data loss for this organization was financial records.   It took a few months and a lot of work to recover most of the missing records.     Had the organization done something as simple as periodically plug in a USB drive, run a backup and then remove the drive, that would have saved them a lot of work.   The USB drive is somewhat of an immutable copy of the data, at least as long as it is not plugged into the computer while the computer is still infected.   However, a USB-attached drive doesn't really scale well  at the enterprise level, and it is not a true immutable copy, since if it is plugged back into a computer that is infected, it will be encrypted also.  

The answer for cyber attacks and other problems is IBM Safeguarded Copy.  Safeguarded Copy creates a copy of the production data that cannot be accessed directly by a host.  The copy is immutable - hosts or applications can't read from or write to the copy once it is created. This prevents ransomware from attacking past copies of data.

Here are some uses cases for Safeguarded Copy, in addition to creating immutable copies of the data:

  • Data Validation - regularly test the copy to ensure it is good data without affecting the production data
  • Data extraction - extract only the data that is needed from the copy to restore back to production rather than restoring an entire volume
  • Offline backup - back up the copy to tape or other medium to create a greater retention period or meet any regulatory requirements.
  • Catastrophe - restore an entire environment if the Safeguarded copy is the only option
  Safeguarded Copy also allows for separation of duties.  The same person that creates a Safeguarded copy cannot modify the copy once it is created.  This prevents malicious insider threats.  The Safeguarded Copy feature has 3 roles:

  • The administrator can create Safeguarded Copies and Policies but cannot delete existing copies or damage them
  • The superuser can remove copies or the backup location (a pool) but this account can be disabled for security.  It can be re-enabled by IBM Remote Support
  • The Security  Administrator can managed users, security and remove a Safeguarded Copy or a pool
If you are concerned with security, you could disable the superuser account and not define a Security Administrator role.  This would effectively prevent deletion of Safeguarded Copies.  However for advanced maintenance tasks the Superuser would need to be re-enabled.  

Safeguarded Copies are immutable because they can't be mapped to a host.  They use existing FlashCopy technology and are (or can be) automatically created on a pre-defined schedule.   They are stored in a pool separate from all other volumes.    IBM Copy Services Manager is used to manage the Safeguarded Copy process and restoring data to a host.  You can find a great video here:



See this IBM Redbook for a guide on implementing Safeguarded Copy in your environment:






Comments

Post a Comment

Popular posts from this blog

Image
Troubleshooting CRC Errors On Fibre-channel Fabrics There is no "Easy Button" for troubleshooting CRC errors. It is an iterative process. You make a change, you monitor your fabric, and if necessary you make more changes until the issues are resolved. I frequently have customers who want it to be a one step process. It can be, but usually takes multiple steps. Having said that, before we can fix them, we need to know what CRC errors are and why they occur. What Are CRC Errors? When Do they Occur? The simple answer is that CRC errors are damaged frames. The more complicated answer is that before a fibre-channel frame is sent, some math is done. The answer is added to the frame footer. When the receiver gets the frame, the receiver repeats the math. If the receiver gets a different answer then what's recorded in the frame, then the frame was changed in flight. This is a CRC error. The only time these happen is if the physical plant - cabling, SFPs is somehow
Read more

Troubleshooting Slow Drain Devices on Broadcom Switches

Image
  Slow drain devices are one of the more common problems on storage networks.  They can occur for a variety of reasons.  For a refresher on how they can affect your storage network you should watch  this video .    In this blog post I will go through the basic steps to troubleshoot a slow drain device on a Broadcom fabric.    I will be using command line output from switches.  The CLI format lends itself better to a blog post more readily than screen shots from a GUI, and the commands are consistent across different versions of FOS.    SANnav is a huge change from Brocade or IBM Network Advisor and the screens would look quite different between the two. The first command we will be using is porterrshow.    The above output has been truncated for the ports we are interested in. The counters of interest are in the c3timeout column.  You can see that there are 2 sub-columns, 'tx and 'rx'.   'tx' means the switch is trying to send frames to the device attached to that p
Read more

Spectrum Virtualize NPIV and Host Connectivity

Image
 A while ago I wrote  this post  as an introduction to the Spectrum Virtualize NPIV feature.  In this follow-up post I thought I would focus more on host connectivity and the effects of NPIV.    You can watch a quick review of the NPIV feature in this IBM Systems Rockstar video:      NPIV has 3 modes: 1.  Disabled - this mode means that hosts cannot connect to the virtual World Wide Port Names  (WWPNs) on the Spectrum Virtualize cluster, regardless of the fabric zoning 2.  Transitional - this mode means hosts can connect to either the physical or virtual WWPNs on the cluster.  If a host is zoned to both, it will connect to both.   Transitional mode is meant to only be used while you are migrating to NPIV mode and rezoning your hosts to the virtual WWPNs.  It is not meant to be used permanently or even long-term.   3.  Enabled - this means hosts can only connect to the virtual WWPNs.  If they are zoned to the physical WWPNs the connection will be listed as 'blocked' in the devic
Read more