Skip to main content
  • EN

More and more customers are aware of the fact that backups are more and more important than before 😍.

The number of impacts by ransomware and hacking makes customers more and more aware of the fact that backups are often their last resort.

They understand that they need an airgapped or immutable backup copy.

In every conversation with a customer about backups, I talk about the necessity of implementing the 3-2-1-1-0 rule.

If you want to know more about that : 3-2-1-1-0 Golden Backup Rule | Veeam Community Resource Hub

In that context the customers ask me what are the possible options to have a secondary airgapped or immutable backup.

They also ask what are the pro’s and con’s of those solutions.

As everyone knows, there is no fits-all-solution.

The best solution for the customer depends on several factors : 

  • The size of the full backups on disk
  • The size of (daily) incrementals on disk
  • The bandwidth of the internet-connection
  • The preference or aversion of a certain solution (cloud vs tape)
  • The required frequency of backup (RPO : Recovery Point Objective)
  • The required frequency of RTO : Recovery Time Objective (time needed to restore and becoming online)
  • The available financial budget
  • The preference or aversion of doing some manual handling
  • The requirement of having full control
  • The need of having the data on-premise
  • ….

 

As you can see, those are some of the questions you have to ask or taken into account to come with the best solution.

Why?

 

Because often the customer asks what I would suggest or recommended as the best solution for that particular customer as being the expert 😉.

 

So, therefore I listen always very carefully if the customer has already experience in using tapes or not and also if the customer has preference or aversion in that solution.

If the customer has aversion in that kind of solution I will not suggest that solution, but if the customer has experience and having no aversion, often the solution of tapes is the preferred solution.

Also often the customer wants to see/have their backups physical.

Therefore public cloud is not always the best solution.

 

What are benefits in using tapes?

  • Having full control of your backups and data
  • Not dependent of internet-lines
  • No financial surprises when needed to restore a lot of data
  • Fast backups with latest LTO generations (more than 300MB/s)
  • A limited investment (on 1 tape you can backup more than 16TB with LTO9)
  • Low cost price per TB
  • Stability : no permanent spinning parts
  • Long term archiving is easy and cost effective
  • Can be easily transported off-site
  • A true airgapped solution if the tape is ejected after backups are written
  • Easily scaling : if needed, add more tapes or if needed, add more tape drives to write simultaneous to 2 tape drives if the backup-window is limited in comparison with the amount of data being backed up to tape

And many more

 

What are requirements / limitations?

 

Of course that solution has also some requirements, limitations or disadvantages.

  • Slower restores in comparison with some other solutions because sequential reads/writes
  • No direct guest-level restores are possible
  • You need a maintenance contract for the tape device, because it’s still a mechanical device
  • Specific tape device is needed : it’s generation dependent
  • You need to do some manual handling in changing the tapes
  • You need some organisation in the administration of tapes

In my opinion, there are much more advantages than disadvantages.

 

Therefore tapes are still used often.

 

😎In fact : the cloud storage used for the archive tier (like Azure Archive) use internally tapes as storage

 

So tapes are definitely not dead !!! 

 

 

Great article Nico. We still use tape and are getting more in to it with  Veeam and other services.

I have multiple PB’s of tape that agree with this statement. I have about 16 LTO8 drives writing full time. 

Hey @Nico Losschaert  great article, i will add some points if you don’t mind:

  • Tapes outside of the tape library or at the minimal in a Virtual Vault with a lockdown tape library (strong RBAC (from auth or network) or disconnected from the ethernet network. I heard some stories from the field, some insiders wiped tapes because it was not completely removed from the tape library and let in the production partition.
  • Use a third party to verify the content of the tape automatically or developp a routine to check backup from tapes.
  • Keep in mind, there is no erasure coding or raid for tapes, except you’re using some S3 archive solution. Better to keep 2 copies of your critical data on different tapes depending the risk analysis. From my experience a tape has a higher failure rate than a disk, specially when rewinding to be read.
  • Power consumption, tapes can store a huge of amount of data without the need to be powered. This is an important criterion to take into account, particularly with energy costs and greenIT.

I always add for a tape library or SAN to keep the superuser/admin/root password printed out and in a safe somewhere in the Datacenter vs a password manager as well. Disable SSH for SAN admin accounts that do not require it or whoever manages the library. Open the safe if needed.

I’ve heard of several ransomware/cyber attacks recently where they SSH into the SAN and delete the volumes or pools. Immutability doesn’t matter at that point. 

With a remote shell, hackers are using command line vs a GUI. Limiting that can help a large amount. 

Comment


Terms & Conditions