Securing your IBM Spectrum Protect server

By | 4 minute read | January 3, 2018

Human Capital, IBM z14, IBM PowerVC, Securing Your Server, IBM Expands Containers, Multi-Factor Authentication, TensorFlow, Walmart Cyber Monday

“I’m doing daily backups of my Spectrum Protect database, but is this enough to secure my Spectrum Protect server?”

It’s a question I hear frequently.

In my present job role in IBM Systems Lab Services, I do health checks on various IBM Spectrum Protect environments, and the number one recommendation in 9 out of 10 reviews has to do with disaster recovery implementations that are either nonexistent or don’t complete in a timely manner. Even though backup administrators understand the need to implement their disaster recovery solution correctly, it’s hard for them to convince upper management that it’s worth the cost.

The need for a reliable data protection solution is well known. It can:

  • Protect against machine failure: If your backup server fails, how long can your business operate without backups or without running an urgent restore?
  • Protect against site failure: Some places today are suffering from the effects of climate change—fire, earthquakes, flooding—and power outages can happen unexpectedly. What if you lose access to your entire site and can’t access your backup data?
  • Protect against a virus or ransomware: Recent new types of cyber attacks, such as ransomware, have plagued organizations, prompting many to review the way their data protection infrastructure is managed, with an eye toward securing the environment even further. The backup is sometimes the only way out. So what if your backup server gets infected and it’s your only data copy?

Now that you have the whys, let me tell you how IBM Spectrum Protect can help you.

First, understand your company’s guidelines for recovery time objective (RTO) and recovery point objective (RPO), and then create a solution according to those rules. Choose one or a mix of the following alternatives:

Backup for one site

If you have only one Spectrum Protect server, copy your data to be sent offsite to tapes using protect storage pool or backup storage pool, depending on the type of pools you have. Implement disaster recovery manager (DRM) to help you automate and control tapes sent offsite. Make sure you set up DRM for all storage pools that need to be protected and that you follow the daily administration cycle for file and disk devices or for container pools.

This approach requires moving physical tapes between sites and possibly using a tape vaulting company or a tape librarian (if you have another site that can safely store tapes), so keep in mind other security aspects regarding transportation of tapes. One tip is to send data tapes and backup of your Spectrum Protect database in different trucks.

This traditional method will require more time to recover your data since you’ll need to allow tapes to be recalled and, in the case of a full disaster, you’ll need to recreate the Spectrum Protect server and restore its database.

Backup for more than one site

If you have more than one site, one option is to use the same approach as above of sending a copy of the data offsite but with electronic vaulting (making copies from one server library to the other using a wide area network, or WAN). In this case, you’ll reduce the RTO a little but will still need to restore the Spectrum Protect server in the case of a full disaster.

An alternative multisite solution

The other option for a multisite solution is to implement node replication. You can choose to have dissimilar policies so that you keep the latest versions in your primary site and keep the older versions offsite, or vice versa. In this case, you reduce the amount of storage needed for the solution.

It is also advisable to use container pools in order to allow for inline deduplication and compression. Also think of using IBM Aspera, a WAN optimization protocol, for faster replication. Your disaster recovery site could even be in the cloud, further reducing costs.

This scenario will drastically reduce the RTO, as data is readily available for restores and the Spectrum Protect server will only need to be restored if you have a permanent failure.

Choose the option that’s best for you

You can have a combination of all of the options above and many more. If you have a very aggressive RTO and RPO, you’ll also need to consider using storage, software, site mirroring and other backup techniques such as IBM Spectrum Protect Snapshot. Remember to document your disaster recovery plan, and no matter which option you choose, test, test and test again.

Protecting your data is vital to your organization and its security. If you’re looking for professional expertise on data backup and disaster recovery, reach out to IBM Systems Lab Services – Storage and Software Defined Infrastructure today. We can provide consultations and services to help you design and build a backup solution that meet your organization’s needs. Email us for more information.

To learn more about Spectrum Data Protection Portfolio, check out this solution showcase from Enterprise Strategy Group.