AWS S3 Glacier as target for Cloud Container Pool

[Mita201]

Hi,

Is it supported to use AWS S3 Glacier as a target for ISP Cloud Container Pool, that will be used for protecting on-site container pool?

Any experience with such configuration?

 

[RecoveryOne]

I have no experience with shuffling data to the cloud, but I did find this blurb on IBM's site:

What's new: Send data to an Amazon S3 Intelligent-Tiering storage class

With IBM Spectrum Protect Version 8.1.8, you can send data to an Amazon Simple Storage Service (S3) Intelligent-Tiering storage class. When you configure a storage pool with the S3 Intelligent-Tiering storage class, data will be sent to the storage pool by using the Amazon S3 protocol.

www.ibm.com

But that doesn't really go into Glacier. Most things for Glacier seem to be in lines of using it as a VTL with a tape gateway device. So, I guess if you looked at it from that aspect of a VTL, then it would be fine. Heck, with the newer versions of Spectrum Protect, could send the data in native format, and not in the container compressed format. So, you wouldn't have to restore your primary container pool before you could service client restores.

The issue with glacier, from my understanding, is the access speed. Those restores might sit in a 'waiting' state' for some time.

I would be interested what IBM would say if you open a point. Heck, even interested in some ballpark costs of using AWS for storage if you are able to share that. If not, I totally understand.

 

[dietmar]

... i always find it interesting promoting S3 as a Backup Storage for Disaster Recovery. From my point it is mostly a "no, no and no", even if i have not seen it working.

BUT what i have seen multible Times is a Ransomware attack. And if you are in such a Situation, i am sure you will have no Internet Access, as this is the first which is "plugged out" ....

but hey, the local Datacenters MUST have the same limited tech which is used in the Internet . ( i mean an S3 could never ever match a SAS/SAN Storage / Tapes in Speed and costs ) ....

Everthing which has admin rights could be hacked and deleted,factory reseted ( HW Servers, OS , Storage ) , but NOT Tape . This could "only" be erased in sequence ( very slow ) or physical destroyed , both much much better.

S3 for legal long term Archive ( no need to get it back in DR ) is fine , but i would never go for a S3 replacing Tape.

Having a local S3 is risky as having local Storage , with admin rights the system is gone within minutes . All the immune stuff does not help if the Storage behind gets wipped out .

just my 2 cents on this

Dietmar

 

[dietmar]

.. if you get hit by a big/real Randsomware attack, they will try to destroy your Backup Infrastructure as well. So they delete all Storage Snapshots, and factory reset your Backup Storages . Always keep in mind that the hackers could catch ALL passwords.

 

[RecoveryOne]

dietmar,
I hear what you are saying. Why I keep saying year after year that tape is king. It is proven, can be high performance, large capacity for cheap, and most important to me is physically isolated. That said, the push for the cloud will never go away.

As to ransomware, why I love my AIX boxes. I have them locked down that my infosec team keeps asking me to undo some things so they can 'properly scan them for vulns' externally. My next goal is enabling Trusted AIX.

 

[dietmar]

The used Backup OS was not the point ( at least for the Data ) , because the Backup Storage got factory resetted,rebuild and formated . Problem is if u unplug the admin interface of the Storage u have no Hardware Monitoring ... :/ . I don't know if there is a feature on Storage Systems which has some sort of hardware protection . ( eg. only with an phy inserted usb tongle an update of the storage Pools/Disks is possible ... )

Would be a great feature, just provision all Space and there is no need to configure a lot anymore ....

But i agree AIX is a very good choice . Much harder to hack/handle ...

 

[marclant]

Is it supported to use AWS S3 Glacier as a target for ISP Cloud Container Pool, that will be used for protecting on-site container pool?

I don't see S3 Glacier in the list of supported clouds just yet:

IBM Spectrum Protect cloud object storage support

What types of cloud object storage environments can I use for my cloud-container storage pool?

www.ibm.com

Probably should check back after each new version either on this page, or in the "Updates in thie release" section of the documentation for newer versions. Here's what was in 8.1.12:
https://www.ibm.com/docs/en/spectrum-protect/8.1.12?topic=updates-in-this-release The same will be available with newer versions as they are released.

 

[gernthefish]

We've tested cloudtype=s3 and set up the bucket in AWS to transition data to Standard IA after x days. Not quite as cheap as Glacier, but performed ok for us on restores.