Thank you Russell We are totally not in favour of cyber backup and our organisation is not confident about sending data to cloud.
On Wed, 22 Oct 2025, 05:29 Russell Witt, < [email protected]> wrote: > Peter, > > As others have stated, just because you write to virtual-tape doesn't mean > retention isn't just as important. Just finished a SEV-1 because a client > had accidentally scratched 10,000 volumes that they didn't mean too (lucky > for them, their "Expire-Hold" was 2 days and they figured out what they did > right away). > > One item I didn't notice discussed was the concept of the cyber-backup > copy as opposed to the DR backup copy. A DR backup is normally only kept > for 3-5 cycles. So if you backup your data once-a-day and your virtual-tape > system is replicated offsite - in my opinion only 3 to 5 cycles should be > sufficient for most DR restores. To be honest, if you have to go to > anything EXCEPT the latest backup you must have had something more than a > simple disaster. > > Now, a cyber-backup is different. And that depends on how paranoid you are > regarding bad-actors getting into your system. Of course the best defense > against bad actors is a strong firewall up front to keep everyone not > authorized out. But that doesn't stop the bad actor that is already on the > payroll. I have heard that the average time that a bad actor is active on > the system before being detected is measured in weeks/months. So, I have > heard of some sites that are now looking for cyber backups that are kept > for 3-9 months. That becomes a LOT of data, even with TS7700's with > TS7760's attached to them. One option that some clients are looking at is > going to the cloud. A cyber-backup (again, different from a DR backup) > falls into the "write once, read never" category which is cheap storage > from the public cloud providers. Of course, mainframe data MUST be > encrypted AT-HOME (on the Mainframe) before it gets sent to the Cloud. The > options where you encrypt the data in the Cloud is like the person that > keeps their spare key under the welcome mat. The encryption and the data > storage itself should be kept at arms-length from each other (in my > opinion). Plus, if the data is encrypted in the Cloud itself it is not > being encrypted at the file-level (a requirement for PCI-DSS V4.0). > > But this is simply my 2-cents... > Russell Witt > CA 1 Architect > Broadcom > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Peter > Sent: Tuesday, October 14, 2025 10:57 PM > To: [email protected] > Subject: Tape retention Discussion > > Hello > > Just trying to understand some of your experience about physical tape > backup up. > > I know almost most of the shops are tapeless. > But when you had physical tape , > > 1 ) What are the files you backed up to 3590 ? > 2 ) what was the retention period you followed for database , system > volumes and user datasets ? > 3 ) Generally to recover an entire lpar from a physical tape a volume > level backup for an entire lpar would suffice ? > > > Any information on the above would help me to research further. > > Regards > Peter > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
