Considerations for backup in Cloud : handing over tapes to tenants / customers
Posted on 2014-01-29
When operating a private Cloud that hosts multiple tenants / customers,
we have a contractual agreement that in the event a tenant wants to
exit from our Cloud (decommissioning or moving to another Cloud
service provider or ...), we have to hand over the backup tapes to the
tenant (VMs & data backups).
a) So we have to cater / reserve tapes used for specific tenant & not
share the tapes? If the tenant or customer has multiple systems/
services hosted in our Cloud, they may even require that the tapes
are segregated by per project. How is this practiced out there in
the Cloud industry? We're a private cloud provider (not public)
but can have up to 50 tenants (with multiple systems/services
per tenant). Any consideration in terms of SaaS, IaaS to take
b) Suppose we use a specific software to take backup (Data Protector,
Netbackup, Commvault), how is the tenant whom we've handed the
tapes to going to read the tapes if they're using a different backup
c) If we're practising encryption in backup, is hardware or software
encryption more portable or practical so that after handing over
the tapes (& assuming the tenant use a different brand of tape
drive, eg: Quantum vs IBM; I'm not talking about media types'
differences like DDS/DAT vs LTO vs optical drive), the tenant will
not into issue with decrypting it? Something like just have to
key in the password & the customer can decrypt it : so is this
hardware or software encryption
d) I've heard that in Netbackup & Data Protector we have to do
daily dumping of backup catalogs: if backups to SATA disks
using a 'universally portable' method (say create a Truecrypt
container on SATA & just backup into SATA drives), I guess
we won't need to do this cumbersome daily backup cataloging?
e) In one bank & a critical financial information service provider,
I've seen older tapes (more than 5 years old) became unreadable
though the offsite storage provider stores the tape in the right
environmental temperature/moisture: any way we can prevent
such issue? We fear it may become a litigation issue if our backup
tapes become unreadable. To call back tons of tapes to do regular
test restoration is not feasible. Can we just sign a back to back
agreement/SLA with our offsite storage provider that in the event
a tape under their care become unreadable, liability is on them?
What about technical prevention/mitigation measures?
Is backing up to multiple SATA hard disks feasible? Then call bac
SATA disks from time to time & just mount them: if there's error,
amber LED will show (ie we don't need to do the tedious tasks
of test restoring)?