A few years back I worked at a bank in the Office of Continuity Assurance or Bank IT Audit compliance in English. All banks have to publish a written DR and data retention policy per banking guidelines. Once that policy is in place, the IT team must support those requirements. There is usually three types of data: Customer transaction data, Personal information, and the other data. The transaction data (like loans) have to be protected X number of years after the account has closed. So for mortgage loan data, that could be 40 years and why banks use low cost tape for this type of data. Personal information as you know needs to be protected with the most protection possible, which is why internal replication (snaps) and retention is one of the best solution (hard to lose data off a truck if it's never on a truck). The common factor on all these data types is that they need to be protected onsite and offsite. Usually the onsite snaps are for local recovery of data and can be as short as 14 days, and maybe as large as 30 days. The offsite copies are for true DR and offsite Compliance (most cases 60-180 days). You can remove tapes from usage for the personal and other data by retaining these two data types at the DR site for the length of the offsite retention policy set by the OCA group (ours was 90 days).
You can also use the snaps at the DR site to backup the long term data to tapes and hold the tapes at that DR site. This meets the long term retention and offsite requirements. It's also removes the $$$ the company is paying for tape handling and offsite storage. In most cases they could purchase a silo to hold up to 12 months of tapes. What we would do is create a monthly batch of tapes to actually ship tape offsite for long term storage if they had a retention required for more than one year.
Most companies are still doing daily backups and shipping data offsite daily. There is a ton data and it's expensive to pull that data back (either tape or cloud). It's always better and cheaper to hold your data internal.
Hope this helps
Thanks for the response! I am familiar with the retention policies that we need to have in place to satisfy the state and federal audits. Auditors are always fun to please. We have the policies in place for our current environment which includes a DR plan where we replicate all of our data to a DR site and then we have a tape backup solution in our production data center that we use strictly for day to day backups of user data such as home drives, shared drives, and other file servers. The challenge is writing an ambiguous policy (not procedure) for data retention that whenever you add a server or other small changes in our procedures that we don't have to go change the policy to match the procedural changes. Since we are not familiar with snapshots and how NIMBLE utilizes them for backups we are having trouble writing this policy. I was hoping someone out there perhaps had an example of what they give to auditors as their retention policies utilizing snapshots for both Disaster Recovery and/or day to day file backups using NIMBLE storage or could explain how storage based snapshots actually work so I can write my own policy. We are just behind the curve on snapshot technology and how storage based snapshots actually work. So to describe in a policy that this is how things are backed up and all critical data is essentially safe and sound in the instance of a disaster is tough to do without having a strong knowledge of how storage based snapshots work.
Any more insight into this would be appreciated.
Good work rick.
A snapshot is a exact point in time backup of everything on a single volume. You can create groups to have several volumes snap at the same time. These snaps can be mounted for recovery of the entire
Volume, or a single file. The only issues with snaps is that if you lose the primary storage array due to environment or worse, you lose the snaps too. This is no worse then if you lost the array and the tapes in the same dc, unless you didn't have offsite copies. This is why all storage vendors recommend clones of snaps to at least another array in another data center.
Snaps onsite are one of the fastest recovery methods and are great for e-discovery. They should meet all your requirement for retention guidelines.
(Sent from my iPhone, so please excuse brevity or spelling mistakes.)