As the fear of public relations nightmares over lost tapes are mounting and compliance requirements around safeguarding personal data are becoming more stringent, many organizations -- notably in the financial sector -- have been looking at various solutions to prevent backup and archive data from ending up in the wrong hands. A growing number of organizations are contemplating disk-to-disk (D2D) backup solutions to work around this...
issue. They reason that if the data doesn't leave the realms of the IT environment, the risk of losing media containing confidential data is significantly reduced.
However, for different reasons, not all companies are in a hurry to leave tape technology behind. For example, some companies have made significant investments in tape storage and still might be a few years away from replacing tape with disk-only storage. That said, these same companies may still have an immediate requirement to demonstrate that data is secure and unreadable by unauthorized parties once it leaves their sites. This is where encryption at the tape device level comes into play.
At this point, the only two contenders with market-ready tape device level encryption offerings are IBM Corp. with its System Storage TS1120 and System Storage TS1040 drives, and Sun Microsystems Inc.'s StorageTek T10000 tape drive. Quantum Corp. also remarkets IBM drives for some of its libraries. All drives offer similar performance and vary in capacity (see the table below).
|Technology||Native capacity per cartridge (uncompressed)||Native transfer rate|
|IBM TS1120 (3592)||700 GB||104 MBps|
|IBM TS1040 (LTO-4)||800 GB||120 MBps|
|Sun StorageTek T10000||500 GB||120 MBps|
There are differences worth noting between the technologies such as pricing; both the Sun StorageTek T10000 and IBM TS1120 were listed in the $30,000 range, while the IBM TS1040 was initially listed in the $20,000 range. The IBM offering is also available in SCSI or SAS-only format (no Fibre) for a little more than $5,000 as the TS2340. Both the StorageTek T10000 and IBM TS1120 drives target the 9840 and 3592 market, which is typically enterprise class. The IBM TS1040 and SCSI/SAS equivalent TS2340 offer a cost-effective alternative for the small and medium-sized business (SMB) space.
Also worth noting are the differences in encryption key management. Sun's StorageTek relies on a Crypto Key Management Station (KMS), which is a chargeable feature and must be installed on a Sun Solaris platform. This is in contrast with IBM's Java-based key management, which can be installed on a Microsoft Windows-based host, and is provided at no extra cost. IBM's key management can also be handled by its Tivoli Storage Manager (TSM) backup software.
One critical aspect of key management common to all options is the need for backups. To that effect, Sun's KMS allows for the creation of a local backup and remote replication to another KMS. IBM's key store can be backed up on the host system, or if managed by TSM, backed up internally though TSM. In any case, it must be noted that key management backups shouldn't be stored on the encrypted media it manages.
About the author: Pierre Dorion is a certified business continuity professional for Mainland Information Systems Inc.