Law, Steve [UK] wrote:

> I'm no Legato expert but have a problem I'm hoping someone can help
> with. 
> 
> We currently use Legato (7.1.3 build 404 on Win2003) with a tape library
> with a standard rotation cycle where the tapes are taken off site every
> day and returned 2 or 4 weeks later depending on what day it is. We have
> two pools, one ("DailyProduction") for the main data backups going to 3
> tapes and a second ("DailyIndex") which just writes the indexes to a
> dedicated volume, as we found that makes it much quicker to recover the
> bootstrap and indexes etc in a disaster recovery situation. 
> 
> We have a gang of guys who change tapes for us, and because we need the
> tapes in the cycle to be overwritten, they delete the volumes from the
> Legato volumes tab and then run batch file nsrjb commands which relabel
> the tapes according to the day and week and the pools they need to be
> in. 

What a strange way of running your tape rotation. Are you saying that
you routinely relabel tapes that have not yet expired? Not only is this
labour intensive, it is also very dangerous in that it is only a matter
of time before someone overwrites a tape that they shouldn't. You would
be much better advised to design your retention periods so that you
backups have expired when you need to re-use the tapes, then there
wouldn't be any manual relabelling required.

> 
> Due to SOX compliance mgmt now want specific files on our Notes servers
> to be backed up daily, removed offsite daily and kept for 7 years. Our
> solution is to introduce a new set of 5 daily tapes which will go round
> and round and never be relabelled so that the Notes files (only about
> 700mb) keep being appended to these tapes until they fill up and are
> replaced.   

This is also a strange idea. Are you going to offsite these tapes then
recall them a week later to append to them? This is hardly a good way of
keeping long term data secure. Why don't you just keep one tape in the
library for this until it is full?

> 
> Our concern is that the tape changing guys will put these tapes in with
> the rest and accidentally relabel them. To do this they would have to
> first delete the Volume entry within Legato, but frankly we wouldn't put
> it past them, even if these Notes tapes have a radically different
> volume name to the usual daily data volumes. The nsrjb batch files
> address the first 4 or 6 tapes in the slots (depending on whether it's a
> weekday or weekend backup), but if the Notes/SOX tape was accidentally
> put in these first slots, then it would be a temptation for one of the
> tape guys to think "Weird name, oh well might as well delete the volume
> entry just like with the others". And if there were 6 months of appended
> backups on the tape, that would be bad. 

I would also be concerned about this. You have a sophisticated product
that can easily and correctly be configured only to delete/recycle the
correct tapes, yet instead you instruct a bunch of operators who
probably don't understand the intricasies of your backup environment to
make decisions on which tapes to manually delete/overwrite. And you also
expect them to make this decision based on what slots the tapes happen
to have been deposited into.


> 
> So I'm looking for a way to make sure these tapes/volumes are appendable
> but not relabel-able. Is there a way I can make volumes within that pool
> "read-only" so they can't be deleted, but still appendable? Are there
> extra ways I can protect the tapes in this Notes/SOX pool beyond setting
> up a strict procedure to pass onto the tape changers?

I think you should be looking for a serious redesign of your tape
management practices. Let NetWorker do the hard work, not your
operators. It is less likely to make a mistake.

To answer this question directly, no there is no way you can ever
prevent any volume from being deleted.

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu 
if you have any problems
wit this list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER