Securing your IBM Spectrum Protect server

Share this post:

“I’m doing daily backups of my Spectrum Protect database, but is this enough to secure my Spectrum Protect server?”

It’s a question I hear frequently.

In my present job role in IBM Systems Lab Services, I do health checks on various IBM Spectrum Protect environments, and the number one recommendation in 9 out of 10 reviews has to do with disaster recovery implementations that are either nonexistent or don’t complete in a timely manner. Even though backup administrators understand the need to implement their disaster recovery solution correctly, it’s hard for them to convince upper management that it’s worth the cost.

The need for a reliable data protection solution is well known. It can:

  • Protect against machine failure: If your backup server fails, how long can your business operate without backups or without running an urgent restore?
  • Protect against site failure: Some places today are suffering from the effects of climate change—fire, earthquakes, flooding—and power outages can happen unexpectedly. What if you lose access to your entire site and can’t access your backup data?
  • Protect against a virus or ransomware: Recent new types of cyber attacks, such as ransomware, have plagued organizations, prompting many to review the way their data protection infrastructure is managed, with an eye toward securing the environment even further. The backup is sometimes the only way out. So what if your backup server gets infected and it’s your only data copy?

Now that you have the whys, let me tell you how IBM Spectrum Protect can help you.

First, understand your company’s guidelines for recovery time objective (RTO) and recovery point objective (RPO), and then create a solution according to those rules. Choose one or a mix of the following alternatives:

Backup for one site

If you have only one Spectrum Protect server, copy your data to be sent offsite to tapes using protect storage pool or backup storage pool, depending on the type of pools you have. Implement disaster recovery manager (DRM) to help you automate and control tapes sent offsite. Make sure you set up DRM for all storage pools that need to be protected and that you follow the daily administration cycle for file and disk devices or for container pools.

This approach requires moving physical tapes between sites and possibly using a tape vaulting company or a tape librarian (if you have another site that can safely store tapes), so keep in mind other security aspects regarding transportation of tapes. One tip is to send data tapes and backup of your Spectrum Protect database in different trucks.

This traditional method will require more time to recover your data since you’ll need to allow tapes to be recalled and, in the case of a full disaster, you’ll need to recreate the Spectrum Protect server and restore its database.

Backup for more than one site

If you have more than one site, one option is to use the same approach as above of sending a copy of the data offsite but with electronic vaulting (making copies from one server library to the other using a wide area network, or WAN). In this case, you’ll reduce the RTO a little but will still need to restore the Spectrum Protect server in the case of a full disaster.

An alternative multisite solution

The other option for a multisite solution is to implement node replication. You can choose to have dissimilar policies so that you keep the latest versions in your primary site and keep the older versions offsite, or vice versa. In this case, you reduce the amount of storage needed for the solution.

It is also advisable to use container pools in order to allow for inline deduplication and compression. Also think of using IBM Aspera, a WAN optimization protocol, for faster replication. Your disaster recovery site could even be in the cloud, further reducing costs.

This scenario will drastically reduce the RTO, as data is readily available for restores and the Spectrum Protect server will only need to be restored if you have a permanent failure.

Choose the option that’s best for you

You can have a combination of all of the options above and many more. If you have a very aggressive RTO and RPO, you’ll also need to consider using storage, software, site mirroring and other backup techniques such as IBM Spectrum Protect Snapshot. Remember to document your disaster recovery plan, and no matter which option you choose, test, test and test again.

Protecting your data is vital to your organization and its security. If you’re looking for professional expertise on data backup and disaster recovery, reach out to IBM Systems Lab Services – Storage and Software Defined Infrastructure today. We can provide consultations and services to help you design and build a backup solution that meet your organization’s needs. Email us for more information.

To learn more about Spectrum Data Protection Portfolio, check out this solution showcase from Enterprise Strategy Group.

Certified IT Specialist, IBM Systems Lab Services Storage and Software Defined Infrastructure

Add Comment
One Comment

Leave a Reply

Your email address will not be published.Required fields are marked *

Adriana Pellegrini

Very good post to think about the overall DR solution. Congrats Rosane!

More Storage stories

Tackling technical risk in database migrations

Technical risk is one of the most common migration worries organizations face, and the potential technical risks vary depending on the type of migration. So far, this series has covered custom code application migrations as well as migrating ISV applications (see part 1 and part 2). Now I want to discuss technical risk for database […]

Continue reading

How IBM Spectrum Scale resembles my toddler twins

I’m a storage consultant in IBM Systems Lab Services and a working mother of two-and-a-half-year-old twins who were affectionately known as Flash and Elastic during my pregnancy because of the way they moved in my belly. I usually spend my days onsite with IBM clients implementing and managing IBM Spectrum Scale clusters, but I also […]

Continue reading

How a strong cloud architecture primes you for hybrid cloud

Across the information technology world, cloud has become ubiquitous. Cloud computing has inspired many startups to adopt technology quickly and deliver services that would have taken months to develop and deliver in the traditional era. While companies ride that wave, many have come to the realization that not all workloads are cloud friendly. Data privacy, […]

Continue reading