Back up encryption

15 pts.
Backup and Recovery
IBM iSeries
I'm trying to develop a backup strategy for my company who has two iSeries, one on East coast & one on West coast. Currently we backup to tape and the data is encrypted as the tapes go off-site for storage. I was hoping to do something like 'cross-site' mirroring between the two iSeries to satisfy our B/U requirements. And, as the data would not be going off site, we would not have to encrypt it. (someone told me this wouldn't work?) Why? I'm also confused it this would work, how would you handle the restore or pointing your hot site box to the mirrored data on the remote iSeries? Beyond that, maybe too complex a solution, does anyone know about tape encryption. We currently use an encryption utility box between the iSeries and tape drive from Paranoia. My main concerns are speed of transfer and cost. If anyone could help with this or point me in the direction of some reference materials I'd appreciate it.

Answer Wiki

Thanks. We'll let you know when a new response is added.

You have three questions here and I think I see and know how to answer them all. Let me make sure I have the questions right, and I am going to make them sound really simple so if you need more complex answers you can email me directly.

  1. You want to know more about Native Encrypted Backup Solutions for the System i?
  2. You want to understand more about building an High Availability (HA) Environment with two System i Servers?
  3. You want to know how if the box is location A fails you will be able to “fail over” to the box in location B?

1. IBM offers LTO3 and LTO4 tape solutions for the System i either using BRMS or Tivoli. The encryption is done at the hardware/drive level, and not on the System i. It’s very simple to implement and use the only gotcha is that if you loose the key you loose your data so I have never been a fan of locking up my data. Usually a reputable off site storage facility would be security enough to house your media. Iron Mountain is a very good, very secure company.

I would talk to either IBM or a local VAR about getting a newer tape drive system that will do device level encryption. We can talk about backup stragies later after I answer the next two answers.

2. HA or Fail Over software is pretty good for the System i. There are plenty of people selling HA software. The largest is Vision Solutions, and they in the last two years have gobbled up iTers (Great Stuff), Lakview’s MIMIX (Good too), and they have a package called OMS/400, which is very slow, bloated and hard to use.

What it does is very simple. Lets say we have two System i’s One called EAST and one called WEST. We want to make sure the data one EAST and the data on WEST is always available with a certain amount of SLA.

So we partition the EAST server and make a partition called WESTHA and then we partition the WEST server and call it EASTHA.

NOTE: If you don’t have enought resouces to make a partition to do HA you will need to talk to a VAR and get what IBM calls a CBU Server. It’s a pretty good deal and will make life a whole lot better. But for the purposes of time lets consider that you do or have another server in each location with the proper amount of DASD.

So then we install out HA software on the EAST and EASTHA servers. Most HA companies will of course do all of this work for the price of the software. You as the Admin then select the important data that you need in case you have to “fail over” to the HA server in this case EASTHA. The data once changed on the primary server EAST will be replicated via journal entries to the EASTHA server and then be updated on the HA server. It’s all very simple and not very heavy. You will of course need to upgrade the bandwidth for this to work well.

The same can be done for the WEST server too.

3. Fail Over. What this does is when you need to fail over to the HA server because you lost a CPU or the power in the building is bad, or even worse you had a fire you will follow the manual the HA software company sold you, also getting them on the phone is a huge help and all of them want to be on the phone when you fail over it’s apart of the service contract, and you simple perform a swap. When your done the HA server will look and act just like your Primary Server. The first time you make the swap your going to be amazed.

I hope that helps. I can answer anything else via email if you like.

-David Vasta

Discuss This Question:  

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: