
Safeguarded Copy

Safeguarded Copy is a new protection mechanism for data on DS8000 storage systems.

Safeguarded Copy sessions secure data to prevent it from being compromised, either accidentally or deliberately.

Safeguarded Copies can be used to take many frequent copies of a production environment (for example, hourly copies maintained for a number of days), while FlashCopy continues to be used to take a small number of less frequent copies (such as weekly copies maintained for 1-2 weeks).

The Safeguarded Copy function provides backup copies to recover data in case of logical corruption or destruction of primary data.

Safeguarded Copy uses a backup capacity, production volume, and recovery volume:
  • Backup capacity can be created for any production volume. The size of the backup capacity depends on the frequency of the backups, as well as the duration that backups need to be retained.
  • The Safeguarded Copy session creates a consistency group across the source volumes to create a safeguarded backup, which stores the required data in the backup capacity.
  • The production volume is the source volume for a Safeguarded Copy relationship. Depending on the specific client topology, this relationship could be a Metro Mirror, Global Mirror, or z/OS Global Mirror primary or secondary volume, or a Simplex volume.
  • A recovery volume is used to restore a backup copy for host access while production continues to run on the production volume. The recovery volume is the target volume for a Safeguarded Copy recovery, which enables a previous backup copy to be accessed by a host that is attached to this volume. The recovery volume is typically thin-provisioned, but it does not have to be.

See Safeguarded Copy commands for more information on the commands that are available with this session type.

Accessing a backup copy on a recovery volume:
  • Production systems can continue to run while this is done
  • Optional background copy to copy all required data out of the backup capacity
  • Identification of a good recovery point is expected to be done on the recovery volume

Safeguarded Copy capacity and scheduling

To use the Safeguarded Copy function, you can schedule backups and must assign backup capacity.
Backup capacity
Extra capacity allocated to that volume for the purpose of creating backups. The backup capacity should be allocated with enough space to accommodate your service level agreements (SLAs) to meet your requirement for frequency and retention period of backups.
You must first go to the DS8000 command line or GUI and define the backup capacity for the volumes that you want to enable for Safeguarded Copy. See Configuring safeguarded virtual capacity in the DS8000 online documentation for more information.
Scheduler
You can set up an internal scheduler in Copy Services Manager to run a backup at the frequency that you require. The lowest interval time for a schedule is 30 minutes.
See Creating scheduled tasks for more information.
Tip: If you choose a backup schedule that fills up your backup capacity before the retention period that you specified has elapsed, then you will see messages in Copy Services Manager indicating that the older backups have automatically rolled off the hardware. You need to maintain a balance driven by the SLA: the retention should drive both the backup capacity size and the schedule. For example, if the SLA requires you to have a month's worth of backups on a daily schedule, then the retention would be 30 days, the schedule would be daily, and the backup capacity needs to be enough to hold 30 backups.
Minimum time frame per backup
This backup option is the number of minutes that controls how frequently backups can be issued. If you set it to 30 minutes, then you can only back up every 30 minutes. This option provides extra security against malicious attempts to corrupt the data by preventing repeated backups from automatically rolling off all valid backups for the volumes.
Retention period since last recoverable backup
This backup option controls when Copy Services Manager expires older backups.
Important: Instead of the current time, this option is based on the last recoverable backup. This design ensures that the retention period setting will never cause the last recoverable backup to be expired. When you create a backup, it is not immediately recoverable. The hardware does not allow you to recover from the "last backup taken." When you take a backup, it goes into a Warning state initially, even if the backup was successful, and it is marked as "not recoverable." Only when the next backup is taken does the previous backup become recoverable. Therefore, assuming that all backups were successful, it is the second-to-last backup that is recoverable, and it is this second-to-last backup that is used for retention. However, if you had any failing backups, it would be the second-to-last successful backup that is marked as "recoverable."
H1-R1 No Copy option
This option defines if the recovery relationship will be established with background copy. If No Copy is selected, then a background copy is not automatically started when the relationship is established. To start the background copy for a no copy relationship, issue the Initiate Background Copy command. If No Copy is not selected, then a full background copy of the data will occur when the relationship is established. If the recovery volume is a space-efficient volume, the background copy might lead to fully provisioning the volume.

See Creating a Safeguarded Copy session and adding copy sets for more details.
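The following added example (not IBM code, and not how Copy Services Manager or the DS8000 is implemented) models the "Minimum time frame per backup" and "Retention period since last recoverable backup" options in Python to show how they interact. The class and function names are hypothetical, the timeline is constructed, and two details are assumptions: the minimum interval is measured from the previous accepted backup whether or not it succeeded, and a backup taken exactly at the retention cutoff is kept.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Backup:
    taken: datetime
    ok: bool = True  # False models a failed backup

class SafeguardedModel:
    """Simplified model of the two options; not Copy Services Manager code."""
    def __init__(self, min_interval_min: int, retention_days: int):
        self.min_interval = timedelta(minutes=min_interval_min)
        self.retention = timedelta(days=retention_days)
        self.backups: list[Backup] = []

    def request_backup(self, when: datetime, ok: bool = True) -> bool:
        # Minimum time frame: refuse a request that arrives too soon (assumed rule).
        if self.backups and when - self.backups[-1].taken < self.min_interval:
            return False
        self.backups.append(Backup(when, ok))
        return True

    def last_recoverable(self) -> Backup | None:
        # Recoverable only after a later successful backup: second-to-last good one.
        good = [b for b in self.backups if b.ok]
        return good[-2] if len(good) >= 2 else None

    def expire(self) -> list[Backup]:
        # Retention counts back from the last recoverable backup, not from now.
        anchor = self.last_recoverable()
        if anchor is None:
            return []
        cutoff = anchor.taken - self.retention
        expired = [b for b in self.backups if b.taken < cutoff]
        self.backups = [b for b in self.backups if b.taken >= cutoff]
        return expired

def demo() -> tuple[list[bool], list[int]]:
    day0 = datetime(2024, 1, 1)  # constructed timeline
    m = SafeguardedModel(min_interval_min=30, retention_days=30)
    for d in range(5):  # five daily backups, then the schedule stops
        m.request_backup(day0 + timedelta(days=d))
    burst = [m.request_backup(day0 + timedelta(days=4, minutes=i)) for i in (1, 29, 30)]
    expired_counts = [len(m.expire())]  # long outage: the anchor has not moved
    for d in (50, 51):  # backups resume after the gap
        m.request_backup(day0 + timedelta(days=d))
        expired_counts.append(len(m.expire()))
    return burst, expired_counts
```

In this model the old backups survive the gap in the schedule and expire only after the day-50 backup has itself become recoverable, which is the behavior the Important note describes.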

Safeguarded Copy terms:

Safeguarded Copy (SGC)
A DS8000 function that provides protection from logical data corruption. Usage: The Safeguarded Copy function provides protection from logical data corruption.
Safeguarded source (SGC source)
A DS8000 volume that is protected by the Safeguarded Copy function. Usage: The safeguarded source volume is protected by a safeguarded backup capacity that contains a copy of the data in the source volume.
Safeguarded backup (SGC backup)
A point-in-time version of data that is created by the Safeguarded Copy function to protect a safeguarded source volume. Usage: The safeguarded backup capacity contains a copy of the data in the safeguarded source volume.
Safeguarded backup location (SGC backup location)
The pool where the safeguarded backup capacity is stored for a safeguarded source. Usage: The safeguarded backup location contains the safeguarded backup capacity.
Safeguarded backup capacity (SGC backup capacity)
The physical capacity in the safeguarded backup location that contains the data that is stored in the safeguarded backup copies. Usage: The safeguarded backup capacity is based on the size of the extra capacity allocated to that volume for the purpose of creating backups.
Safeguarded virtual backup capacity (SGC virtual backup capacity)
The amount of volume (virtual) capacity that is configured to store safeguarded backup copies for a safeguarded source. The capacity that is required depends on the size of the source volume, the number of copies, and the predicted destage rate of the source volume’s data. See Configuring safeguarded virtual capacity in the DS8000 online documentation for more information.
Configure Safeguarded Backup Capacity (Configure SGC Backup Capacity)
Configure the location of the backup capacity, and use the backup planning tool to determine the virtual capacity that is required to store backup copies of a safeguarded source volume.
Recover Backup
Recovers a safeguarded backup copy for a safeguarded source to a separate volume by selecting a safeguarded source volume, specifying a backup copy to recover, and determining the target volume to receive the data from the backup capacity.
Configure Backup Schedule
Configure the backup schedule for a safeguarded source volume.
Create Backup
Create a safeguarded backup copy outside of the normal backup schedule.
Recover / Recovery Volume
A safeguarded backup copy can be viewed or updated by recovering a backup capacity to a recovery volume, which is a normal addressable volume that can be accessed by the host for read and write operations.
Expire Backup
Remove all backup copies and schedules for a safeguarded source.
