Configuring Safeguarded Copy function with IBM Storage Copy Data Management

You can configure Safeguarded Copy function with IBM® Storage Copy Data Management.

Prerequisites

Before you can configure the Safeguarded Copy function on your system with IBM Storage Copy Data Management, ensure you meet the following prerequisites:
IBM Storage Copy Data Management Requirements
Purchase a license for IBM Storage Copy Data Management or IBM Storage Sentinel. IBM Storage Copy Data Management provides management of application-consistent Safeguarded copies that use FlashCopy. IBM Storage Copy Data Management is available to order through IBM standard ordering databases. IBM Storage Copy Data Management license is available on iERP/Advanced Administration System (AAS) as part of the IBM Storage Software Suite. The stand-alone version of IBM Storage Copy Data Management is available on IBM Passport Advantage. You can also purchase IBM Storage Sentinel, a software bundle (PID 5900APZ) license that combines copy data function and ransomware detection software. The IBM Storage Sentinel package combines the ability to create and manage Safeguarded Copy operations with IBM Storage Copy Data Management software and the ability to automatically detect any compromised data in scheduled backups with the built-in ransomware detection. The IBM Storage Copy Data Management license is available through IBM Passport Advantage.
IBM Storage Sentinel includes the following software licenses:
IBM Storage Copy Data Management version 2.2.16 or later
IBM Storage Copy Data Management provides the following actions:
  • Creates Safeguarded policies to schedule backups of IBM Storage Virtualize volumes. Safeguarded backup policies are created and managed by IBM Storage Copy Data Management.
  • Creates immutable backups of IBM Storage Virtualize volumes.
  • Supports easy to use restore operations so compromised data can be tested and restored back to production volumes.
For the Safeguarded Copy function, Safeguarded source volumes have the following restrictions:
  • Safeguarded source volumes cannot be in a Safeguarded backup location.
  • Safeguarded source volumes cannot be mirrored volumes.
  • Safeguarded source volumes cannot be in an ownership group.
  • Safeguarded source volumes cannot be used as cloud backups with the transparent cloud tiering function.
As part of the configuration of the Safeguarded Copy function with IBM Storage Virtualize systems, administrators need access to the IBM Storage Copy Data Management interface and must complete basic installation and configuration. For information on IBM Storage Copy Data Management installation and configuration, see Deployment Checklist.
Security scan software
Supports registering dedicated security scan servers to run ransomware detection software on every Safeguarded backup that is generated as part of the IBM Storage Copy Data Management configuration of the Safeguarded Copy function. To use these features for ransomware detection requires more configuration and setup that is outside the scope of IBM Storage Virtualize documentation. For more information on IBM Storage Copy Data Management and its ransomware detection features and setup instructions, see Registering a Security Scan Server in IBM Storage Copy Data Management.
The two software work together to provide detection of ransomware on Safeguarded backups.
IBM Storage Virtualize system requirements
All systems must be running the 8.5.1 or later release.
For existing systems, ensure that you complete capacity planning for Safeguarded Copy function. If the Safeguarded Copy function is configured with IBM Copy Services Manager and you want to use IBM Storage Copy Data Management, you unassign all Safeguarded policies that are managed by IBM Copy Services Manager and migrate to IBM Storage Copy Data Management as your scheduling application. For more information, see Migrating to IBM Storage Copy Data Management as external scheduling application.