Safeguarded Copy in DS8000

Safeguarded Copy provides data protection on DS8000 storage systems.

Safeguarded Copies can be used to take many frequent copies of a production environment (for example, hourly copies maintained for a number of days), while FlashCopy® continues to be used to take a small number of less frequent copies (such as weekly copies maintained for 1-2 weeks).

See Safeguarded Copy commands for more information on the commands that are available with this session type.

Safeguarded Copy capacity and scheduling

To use the Safeguarded Copy function, you can schedule backups and must assign backup capacity.

Backup capacity

Extra capacity allocated to that volume for the purpose of creating backups. The backup capacity should be allocated with enough space to accommodate your service level agreements (SLAs) to meet your requirement for frequency and retention period of backups.

You must first go to the DS8000 command line or GUI and define the backup capacity for the volumes that you want to enable for Safeguarded Copy. See Configuring safeguarded virtual capacity in the DS8000 online documentation for more information.See the topic "Configuring safeguarded virtual capacity" in the DS8000 online documentation at https://www.ibm.com/support/knowledgecenter/ST5GLJ/ds8000_kcwelcome.html for more information.

Scheduler

You can set up an internal scheduler in Copy Services Manager to run a backup at the frequency that you require. The lowest interval time for a schedule is 30 minutes.

See Creating scheduled tasks for more information.

Tip: If you choose a backup schedule that fills up your backup capacity before the duration of what you specified as the retention period, then you will see messages in Copy Services Manager indicating that the older backups have automatically rolled off the hardware. You need to maintain a balance driven by the SLA. Therefore, the retention should drive both the backup capacity size and the schedule. For example, if the SLA requires you to have a month's worth of backups on a daily schedule, then the retention would be 30 days, the schedule would be daily, and the backup capacity needs to be enough to hold 30 backups.

Minimum time frame per backup

This backup option is the number of minutes that controls the frequency that backups can be issued. If you set it to 30 minutes, then you can only backup every 30 minutes. This option provides extra security against malicious attempts to corrupt the data by preventing repeated backups from automatically rolling off all valid backups for the volumes.

Retention period since last recoverable backup

This backup option controls when Copy Services Manager expires older backups.

Important: Instead of the current time, this option is based on the last recoverable backup. This design ensures that the retention period setting will never cause the last recoverable backup to be expired. When you create a backup, it is not immediately recoverable. The hardware does not allow you to recover from the "last backup taken." When you take a backup, it goes into a Warning state initially, even if the backup was successful; and it is marked as "not recoverable." It is not until the next backup is taken, that the previous backup becomes recoverable. Therefore, assuming that all backups were successful, it is the second-to-last backup that is recoverable. And it is this second-to-last backup that is used for retention. However, if you had any failing backups, it would be the second-to-last successful backup that is marked as "recoverable."

Important: The retention period is based on the second-to-last recoverable backup. The retention design always keeps at least two recoverable backups. The hardware does not allow recovery of the last recoverable backup. Copy Services Manager allows you to recover the last recoverable backup, but automatically takes a new backup so that the recover can complete. Because a new backup takes up additional backup capacity, the design ensures that there is always one backup available for recovery that does not use more backup capacity. If additional backup capacity is used, it might cause older backups to automatically expire on the hardware due to a lack of space.

Important: The retention period is based on the second-to-last recoverable backup. The retention design always keeps at least two recoverable backups. The hardware might not support recovery of the last recoverable backup. If the hardware does not support it, Copy Services Manager allows you to recover the last recoverable backup, but automatically takes a new backup so that the recover can complete. Because a new backup takes up additional backup capacity, the design ensures that there is always one backup available for recovery that does not use more backup capacity. If additional backup capacity is used, it might cause older backups to automatically expire on the hardware due to a lack of space. However, if the hardware supports it, the last backup can be recovered without the need for an additional backup.

Backup option to Expire Backup on Auto Roll

When this option is set, the session automatically expires a backup when the session determines that one or more of the volumes has auto rolled the backup.

Expire Backup: When a backup is expired, the backup is removed from all volumes that contain the expired backup ID. A backup can be expired manually by command, automatically through the retention policy, or automatically when the Expire Backup on Auto Roll option is set, and one or more volumes have auto rolled the backup.
Auto Roll: A volume auto rolls an older backup to provide room for newer backups. If a volume is auto rolling backups, then the volume backup capacity might need to be re-sized or retention for the session might need to be reevaluated. When properly configured, the backup capacity for all volumes should have enough space to keep all necessary backups based off the retention and backup frequency.

Set the Expire Backup on Auto Roll option to free up additional space whenever one or more volumes do not have enough backup capacity to form new backups. This feature can help avoid out-of-space conditions. However, when a backup is automatically expired, it is no longer available for recovery across any of the volumes that contained that backup. By default, this option is NOT selected, so you must select it to enable this feature. When this option is not set, the backup is not automatically expired so that if one or more volumes did not auto roll the backup, those volumes can still be recovered to that backup. To allow recovery to those volumes, you must remove any volumes indicating that they auto rolled that backup, from the session. See Recovering volumes to backups marked as not recoverable due to volume auto roll for more information. Search on the topic "Recovering volumes to backups marked as not recoverable due to volume auto roll" in the Troubleshooting section of the Copy Services Manager online help documentation at https://www.ibm.com/support/knowledgecenter/SSESK4 for more information.

Notes:

If you select the Expire Backup on Auto Roll option, but the backup is in a recovery relationship, and the hardware rolls a volume off, Copy Services Manager does not expire it.
When a backup is automatically expired by Copy Services Manager, it remains in the list of backups displayed on the Session Details page for diagnostic purposes.
- You can view the volume results to determine which volumes were auto rolled by the hardware and evaluate if the volumes need more capacity, or if the frequency and retention options need adjusting.
  - To determine which volume or volumes might need increased capacity, select the backup on the Session Details page to view the list of volumes results.
- To completely remove the backup from the list of backups in the Session Details page, navigate to the Expire Backup command and select the backup to remove.

H1-R1 No Copy option

This option defines if the recovery relationship will be established with background copy. If No Copy is selected, then a background copy is not automatically started when the relationship is established. To start the background copy for a no copy relationship, issue the Initiate® Background Copy command. If No Copy is not selected, then a full background copy of the data will occur when the relationship is established. If the recovery volume is a space-efficient volume, the background copy might lead to fully provisioning the volume.

H1-R1 Persistent option

When this option is selected, the recovery relationship does not go away when the background copy completes.

Note: Microcode 9.02 level or higher is necessary to take advantage of the persistent feature. If you set the Persistent option, and microcode does not support it, the option is ignored, and the relationship disappears from the hardware when the background copy is complete.

z/OS® Management option: When a z/OS system of sysplex name is set, the Backup command is submitted through the z/OS connection to that system or sysplex to provide performance improvements during the backup process for mainframe volumes.
Note: To enable this feature and take advantage of the performance enhancements, volumes in the session must be attached to the system or sysplex and IOS APAR OA59561 must be applied. In addition, for all storage systems that are going to be managed, a z/OS connection must be defined on the Storage Systems panel. Ensure that you create a z/OS storage system connection (Storage connections) for each storage system in the system or sysplex that will be managed by the session.

See Creating a Safeguarded Copy session and adding copy sets for more details.