By Dr. Marc M. Batschkus
According to the dictionary, a vault is “a secure room in a bank in which valuables are stored”.
You might consider bringing your media to an actual bank, but there are other alternatives that might be a better and more convenient fit.
Why Media Vaulting?
A vault is only needed for maximum security and the highest level of data protection. This might sound more ambitious than it actually is. Media vaulting requires having media files on storage that can easily be transported. Since production storage is mostly bolted to a 19 inch rack and consist of heavy devices, something else has to hold the files for vaulting. Vaulting and storing files off-site today is more important than ever. Local incidents usually threaten the production storage together with the Backup that might sit in the same 19 inch rack (or close-by). To protect a business against major interruption, storing files off-site is an important step.
There is one more advantage, though, that comes with this method. Removable media that the files are stored on are not only offline, they also have a physical air gap between the company network and the storage. This is of increasing importance due to the risk of cyberattacks, ransomware and malware. This alone can justify building a media vaulting strategy to protect the company´s data.
How Does Media Vaulting Work?
In reality, bringing a set of removable media to a secure place is all that is required. To truly provide maximum security and protect against local incidents, this place needs to be at a substantial distance from the office. If the area is prone to flooding, it makes sense to select a place that is remote enough to be unaffected or that is especially protected against such disasters.
An added benefit is that any vaulting solution also offers an air gap between the production storage and the offsited or vaulted media.
Step #1 Select storage medium
Option 1: RDX
Let’s have a look at the options for removable media. For professional applications, there are only two choices: RDX and LTO tape.
RDX is a removable storage that can be hard disk or SSD based. The disk or SSD is built into a robust cartridge. The storage cartridges are qualified and tested in a specific process to guarantee their robustness against physical impact and stress during transport and shipment. There are single bay and multiple bay systems to read and write to and from RDX. Since the price for a single dock is extremely affordable, one can even have it placed at every workstation. These are the qualities that make RDX an ideal medium for data transport via shipping.
Capacities for the RDX cartridges range from 500GB to 5TB. Therefore, RDX is a good choice for either personal use or small to medium size data sets.
Archiware P5 works with RDX storage for Backup and Archive: https://p5.archiware.com/solutions/tandberg-rdx
Option 2: LTO Tape
LTO tape is the second option for media vaulting. LTO tape combines large capacity of up to 12TB per cartridge with an extremely long shelf-life. LTO is built to be readable for 30 years. Single drives, as well as tape libraries are offered by a number of vendors. The universal compatibility ensures independence of the hardware and media vendor. For smaller data sets, single tapes might be taken offsite and stored in a secure place or an actual vault. For larger data sets, some libraries offer drawers that can be removed, holding 12 or more tapes per unit.
LTO tape offers several built-in security features, like read-after-write, error correction, auto-speed and more.
Learn more about LTO in this blog article: https://blog.archiware.com/blog/what-is-lto/
LTO Tape solutions with Archiware P5: https://p5.archiware.com/solutions/lto
Step #2: Make a plan
This is an important step. Thorough planning will assure that you get the security and protection you want that fits in with your workflow and production processes.
Ask these questions:
- Where will you store/vault the media?
- How big is the data set now?
- How much is it growing each year?
- How often do you need to bring media offsite (this equals the maximum amount of potential data loss)?
- Who will bring them and/or rotate them?
- Do you need offsite Backup and Archive?
Step #3: Plan the Archive
Planning an Archive is a task in itself. Learn more about useful considerations and check lists in this article.
Step #4: Decide about offsite Backup
Once you answered the above questions, you can start implementing your strategy and configure the P5 Backup, Synchronize and/or Archive plans accordingly.
To make the decision easier if Backup and Archive is the best solution, you need to look at your security requirements.
Basically, a Backup protects ongoing production, whereas an Archive keeps migrated files that have been finalised and are no longer needed on a daily basis.
Vaulted LTO Archive tapes protect all completed projects.
The ongoing production needs a Backup to be protected. Here, an offsite Backup can also mean a replication to another company location or to cloud storage.
Using the vaulting process for both Backup and Archive makes double use of the established rotation process. Whether someone takes 5 or 10 tapes to the vault location does not make a big difference. This is, of course, only valid if the offsite Backup is using removable media as well.
Building on the 3-2-1 Backup rule, 3 copies, 2 different media, 1 offsite, tis means a local Backup is complemented by a removable Backup that rotates its media to and from the vault location.
Make sure to include network and server settings and other useful information necessary to rebuild the setup if need be.
Learn more about the 3-2-1-Backup rule: https://blog.archiware.com/blog/what-is-the-3-2-1-backup-rule/
Step #5: Test the process
Once you decided and configured your Backup and Archive for offsite vaulting, run the complete process and see if it really fits in with your organisation and workflow. Consider that all steps also need to be performed under time pressure when there is a higher production load.
Media vaulting is a professional way to protect files and media assets against local incidents, as well as cyber attacks and malware. A physical vault does not necessarily have to be part of it. More important is the separate location, the physical air gap and offline state of the storage media.