ADSM-L

Re: [ADSM-L] VTL's and D2D solutions

2012-07-02 18:11:27
Subject: Re: [ADSM-L] VTL's and D2D solutions
From: Shawn Drew <shawn.drew AT AMERICAS.BNPPARIBAS DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 2 Jul 2012 17:52:46 -0400
If someone pulls a disk out of the array (replacing a bad disk, etc.), you
can't tell a regulator/auditor that it was encrypted.  A purely
bureaucratic reason, but still valid.
Regulations pop up all the time without actual technical consideration. (I
want to punch anyone who says the words "7 years" to me!)

The OP's email address sounds like he's involved in the health care
industry.  They have the worst of it.  Almost as bad as the financial
industry.


Regards,
Shawn
________________________________________________
Shawn Drew

From: dplaflamme AT GMAIL DOT COM
Sent by: ADSM-L AT VM.MARIST DOT EDU
Date: 07/02/2012 05:35 PM
Please respond to: ADSM-L AT VM.MARIST DOT EDU
To: ADSM-L
Subject: Re: [ADSM-L] VTL's and D2D solutions

On Jul 2, 2012, at 9:35 AM, Kevin Boatright wrote:

> We are currently looking at adding a Disk to Disk backup solution.  Our
> current solution has a 3584 tape library with LTO-5 drives using TKLM.
>
> We have looked at Exagrid and Data Domain.  Also, I believe HP has a
> solution.
>
> We will need to have encryption on the device and the ability to
> replicate between the two disk units.

Why do you have to have encryption on the device?

No, that wasn't a sarcastic question.

If someone pulls a disk out of your DataDomain RAID, what can they do with
it? Your data is striped across many drives, in chunks that are admittedly
large enough to have a whole mailing address on it. Is someone afraid that
someone else will steal one or more drives and then read unstructured
streams of data looking for PII? Really?

There's no chance that a tape will fall off a truck as you ship your
backups off site. Sure, encrypt the VPN between sites, or use a dedicated
network. But that doesn't mean you have to encrypt your data on the
appliance, unless you're more paranoid than I am (or answer to people who
are more paranoid than I am). At this point, I start worrying more about
debacles from poor implementation or management of encryption than I do
about loss of unencrypted data.

> Anyone have any comments or recommendations?

Besides DataDomain, HP, and IBM, I'm sure the rest of EMC, Oracle, and
even small brands like Coraid would propose different solutions. For
example, why not replicate cheap disk, on top of which you build FILE
devices? Do you need the cost of a DataDomain or ProtecTier front-end, or
do you just replicate unduplicated data? Oracle and Coraid will sell you
large arrays of cheap disk with ZFS front-ends that could replicate data
if you need it and could deduplicate the data as justified. I'm not saying
I'd want to bet my job on Coraid, but others find their cost advantage
over DataDomain attractive.

> Thanks,
> Kevin

Nick

