Educause Security Discussion mailing list archives

Re: Discoverability of expired tapes?


From: "Harry E Flowers (flowers)" <flowers () MEMPHIS EDU>
Date: Wed, 6 Jan 2010 12:52:18 -0600

If you have a d2d backup solution that is configured to be a virtual tape library, that's how they generally work.  We 
have ours set up as an NFS share so we're dealing with the tar files and the backups live inside a single file instead 
of being spread out among tape image files.  Unfortunately, if you have some NDMP requirements, you're stuck with a VTL 
for your d2d backups.  I understand that later versions of the NDMP standard and Backup Exec can have the backup server 
be the virtual tape library and then write to the d2d or physical tape from there, but that's only from what we've 
heard, not what we've implemented.

With Backup Exec, the tapes are returned to the scratch pool and the backup catalog info is deleted.  Technically, the 
data could still be on one or more tapes, but Backup Exec doesn't have them cataloged to retrieve the information 
anymore after the expiration date.  The disk tar files are deleted on the d2d backup system, so they're "less 
retrievable".
--
Harry Flowers
Manager, Systems Software
Information Technology Division
The University of Memphis


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, January 06, 2010 12:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Discoverability of expired tapes?

I also advise people to review their backup to disk systems to verify how they handle expiration.  In an earlier 
version of Backup Exec, their backup to disk was made to exactly mimic tapes.  You decided how many "tapes" you wanted 
to create on your disk and when a "tape" expired, the file wasn't deleted off the disk, it was kept until the "tape" 
was overwritten in the backup cycle.  I don't know why they chose such a literal imitation of tapes on disk (maybe to 
minimize the amount of new code required) and I don't know if any of the backup applications work this way anymore.

Brad Judy

Emory University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg 
Francis
Sent: Wednesday, January 06, 2010 11:32 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Discoverability of expired tapes?


Hello,

I have a question for those out there that may have dealt with this issue.

We have set our tape backups for our Exchange system to expire after 14 days. We keep no archives. This not only saved 
us a significant number of tapes and had negligible impact on our recoverability, but it also reduced our eDiscovery 
issues significantly. BTW, we don't have a mail archiving solution in place.

What I just discovered in our backup system is that, even though the backups are expiring, until the tapes themselves 
are reused, the backup is still listed. The tapes are all marked as "expired" and are available for reuse but the 
actual session (we use HP Data Protector) doesn't purge from the backup software until all of the tapes for the session 
are used. In reviewing this, I discovered that three backups over the 14-day expiration period still have all of the 
tapes available so I could theoretically recover them if I had the need.

My question is this: since I can recover these backups, are they discoverable even though all of the tapes are marked as 
expired?

BTW, I'm looking at ways to purge these sessions once they have expired but we're in a situation where we might not 
want to do that right now.

Thanks,
Greg


Greg Francis
Director, Central Computing and Network Support Services
Gonzaga University



