STORAGE MANAGEMENT/MASTER: Building an Affordable Practice for Regulation Compliance Getting the...
-
Upload
arlene-marianna-harrell -
Category
Documents
-
view
218 -
download
0
Transcript of STORAGE MANAGEMENT/MASTER: Building an Affordable Practice for Regulation Compliance Getting the...
STORAGE MANAGEMENT/MASTER:
Building an Affordable Practice for Regulation Compliance
Getting the most out of existing technology
Marc FarleyPresidentBuilding Storage, Inc.
The changing role of IT:
From data center
managers
To data stewards
The IT function will resemble a data library
Searching, archiving and retrieving data
Regulations are forcing the issue
Mandated data management
• Privacy, security
• Long-term availability
Regulation compliance adds new costs
Planning costs
• Legal interpretation, capabilities assessment,
solution designs, product evaluations
Technology costs
• Hardware and software, maintenance
Operating costs
• Day-to-day tasks, reports, audits, coordination
Hidden costs
• Obsolescence, failure, proprietary traps
Risk management
What is non-compliance?
• Missing data
• Slow retrieval
Corporate risks
• Fines
• Reputation
Personal risks
• Jail time (obstruction of justice)
• Exposure of incompetence
How to pass scrutiny
Act responsibly
Act reasonably
Act consistently
Keep records
Responsible management (Why didn’t you do this?)
Have a plan with good intentions
Integrate the plan into all deployments
Management commitment and
accountability
Managing down to IT line workers to
understand problems/opportunities
Reasonable management (2)(Why did you do it this way?)
Average to above-average efforts and staffing
Incremental change, not revolutionary change
Prioritizing areas needing improvement
Cost analysis and rationale
Consistent management (Why did you do it differently this time?)
Adherence to guiding principles
Maintaining and complying with
operations schedules
Making measurements (adding metrics
where needed)
Minimizing deviations
Document your decisions & work
Meeting notes and decision rationale
Management approval and sign-offs
Strategic initiatives and priorities
Operating plans and schedules
Operations records and logs
Known problems and severity
Getting started is a matter of willpower and words…
A mission statement for IT that includes
responsible and thorough data
management
Sponsorship from senior corporate
management
Adjust job descriptions to include
compliance and data management.
…Continuing is systematic work
Disciplined operations
Systematic documentation
Management oversight
Set reasonable expectations
Regulations are new and legal
interpretations are likely to change
Set numerous, smaller, incremental,
achievable goals
Focus area #1: Re-examining backup
Backup capabilities/conditions
Archiving role of backup
Alternative backups for archiving
Analyze backup capabilities
Analyze available backup logs
Review software releases/updates
Hardware age, errors and wear and tear
Backup metadata growth and pruning
Tape naming conventions
Archiving with your backup system
Review and adjust existing archiving
operations as necessary
• Monthly, quarterly, yearly?
• How are archives identified?
• Separate backup jobs or tape copies?
• How are restores done?
• How would regulatory restores differ?
Analyze archiving operations
Age and wear of tapes used for archiving • How are tapes selected for archiving?
Verify and document test restores from archives
Verify availability of backup metadata for restores.
Review data retention policies• How long are tapes kept?
• Is there an expiration policy?
Consider separate backup installations for archiving
• If you would consider a separate disk
archiving system…..
• Why wouldn’t you consider a second backup
installation that archives data?
Consider separate backup installations for archiving (2)
Most data exists in the system for 1 month
Most e-mail exists in the system for 1 quarter
Separate software installations may be a good idea
• Different metadata is probably a very good idea
• Different naming conventions are a good idea
• Yearly (new) re-installs may be a good idea
Additional backups can also be used for DR practice and real DR scenarios
Caveats with separate backup installations
May require different backup products
• Platform restrictions
• Application assumptions
Possible confusion during operations and
with tapes media management
• “Foreign” media could be overwritten by mistake
• Confusion during disaster recovery is not good
Focus area #2: Point-in-time snapshots on disk
PIT snapshot capabilities and coverage
Archiving role of snapshots
Purpose of point-in-time snapshots
Disaster recovery
Data versioning
Software/system testing
Backup processing
Archiving (WORM)
Snapshots for archiving
One time write (or copy)
Full snap, not partial
Secondary storage
• ATA or SATA disk drives
Can be powered off
• Keeps data from being overwritten
Quarterly operations
Final thoughts on meeting regulatory requirements
4 extra copy cycles per year
• Look for things that fall through the cracks
Integrate with other migration/expiration cycles
and policies
Redundant copies of all archives are required
• Tape copies should suffice
• Backup coverage not
Media/devices should be exercised yearly