LTO9 and Air Gap with Quantum Active Vault

LTO-9 is now generally available, increasing native media capacity to 18TB and bringing 400 MB/s transfer rates. Aside from increased density this technology apparently improves reliability: BaFe (Barium Ferrite) LTO-9 tapes are rated to maintain stable magnetic characteristics for over 50 years. How the latest innovations in LTO technology are addressing today’s most pressing data storage challenges: Unrelentless cyber threats and exponential data growth. Basically, LTO Tape Technology is a proven solution against modern cyberattacks, offering a layer of protection called air gapping (Offline Backup).

 

Regular backups of all data, including data on file servers, infrastructure, and critical business applications should be performed. Keep in mind that these backups can also be affected by ransomware. Indeed, more and more cybercriminals seek to attack backups to limit the possibilities for the victim to find his data and thus maximize the chances that he pays the ransom. These backups, at least for the most critical, must be disconnected from the Information System to prevent their encryption, like other files. The use of “cold storage” solutions, such as external hard drives or magnetic Tapes, can protect backups from infection of systems and preserve critical data upon recovery. In this regard, it is important to note that “backup-less” architectures (snapshots) effectively protect against the destruction of isolated data, when it is due to a hardware failure. However, they do not protect against targeted ransomware attacks because the attackers work to encrypt data on all servers.

Quantum’s Tape Libraries take it a step further by offering a built-in off-network secure vault called Active Vault that hides and secures the data placed in that partition and is invisible to the backup software. In combination with the latest LTO-9 technology, you can offer ultimate security with the ability to store up to 45TB of compressed capacity per cartridge. Note: Quantum offers the MFA feature for free for the Tape Libraries that allows protecting the administration interface (targeted attacks).

Veeam B&R with Quantum Active Vault:

Quantum Scalar i3 Tape Library overview (logical view). One partition is created for Veeam B&R. Note: Veeam B&R only see the green area at the top left “Veeam”. Purple slots are Active Vault area.

Veeam B&R, at this moment, “thinks” to export the tapes in the IE Area (zone dedicated to the physical output of the tapes).

Basically, the tapes are exported into the Active Vault area. This avoids manual tape management operations (rotation).

You can only act on Active Vault’s tapes from the administration interface (protected by local account, dedicated VLAN, and 2FA).

LTO-9 includes features, such as multi-layer security support via hardware-based encryption, WORM (Write-Once, Read-Many) functionality and support for Linear Tape File System (LTFS), and are fully read and write compatible with LTO-8 cartridges.

This is exciting and all, but when will Veeam Backup & Replication (Veeam B&R) support LTO-9? While Veeam fully prepared V11 for LTO-9 based on tech preview hardware testing IBM has arranged for Veeam in October 2020, now that they tested the commercially available hardware Veeam discovered one significant change: a new requirement to initialize new LTO-9 tape media prior to use, which was not there in their preliminary testing. Further, Veeam saw this process takes anywhere from 20 to 120 minutes, making the tape jobs fail due to exceeding timeouts. And unfortunately, the issue came too late for Veeam to address in V11a, which is already in the Release Candidate stage. So now, Veeam’s plan is to release a hotfix for V11a to prevent jobs from failing, and then add some proper integration with this new tape initialization process in V12.

Next week, I will be in Prague for Veeam Vanguards Summit 2021.

 
Step by Step Guide Veeam B&R 11 Upgrade: Guide.
Veeam CDP and Application consistency: Blog Post.
Veeam improves the engine in version 11: Blog Post.
Veeam B&R v11 and ReFS: Blog Post.
Veeam B&R 11 – Continuous Data Protection: Blog Post.
Microsoft Teams Backup with VBO v5: Blog Post.
Protect your Backup against Ransomware: Blog Post.


Christopher GLEMOT

Data Management & Security Team Leader | Technical specialist around Data, Security, Backup, Disaster Recovery, Cloud, Governance, Virtualization and Storage | Veeam Vanguard 2016-21 & VMCE | Founder of ArmoricanCloud.com | Owner of original-network.com
Please follow and like us:
Advertisement

1 ping

  1. […] your Backup Server and integrating Trusted Repository Storage, Offline Backup (Tape, example: Quantum Active Vault) or Immutable (Veeam Immutable Backup feature, Retention Time Lock with ExaGrid, AWS S3, etc.), […]

Leave a Reply

error

Enjoy this blog? Please spread the word :)