Module 4: Data Availability and Data Protection Flashcards
Importance of data availability
Data is a critical input to more business processes.
Protect against:
Host server failure
Network crash
Storage failure
Operating system failure
Remove Single Points of Failure (SPoF)
What is High Availability
The ability to provide redundant devices, components or objects in an environment so that you have cover should one of the primary items fail.
NetApp HA Pair
Made up of two nodes.
Connected by an internal interconnect (HA interconnect) for fault tolerance.
Each node in an HA pair requires an interconnect to the disks and controller of the other node.
Fault Tolerance
Business’s continuity of mission-critical applications
Continuation of operations at a reduced level rather than failing completely
Configuration for multiple paths (such as dual HBAs to servers).
Traditional Reasons for Data Protection
Disasters (natural, human-made, technology or other failures)
External threats (DDoS, virus, ransomware, other external threats)
Regulatory compliance (SEC 17a-4, HIPAA, Sarbanes-Oxley Act, GDPR, and others)
Internal threats (rogue admins, malicious insiders, email theft and others.)
Business Continuity
Maintains essential functions during and after a disaster has occurred
Requires a business continuity plan (guard against future disasters, ensure generation of revenue during disaster)
Requires embedded flexibility and resilience into business continuity planning.
Business Continuity Key Metric
RPO - Recovery Point Objective - max acceptable time that data can be lost if failure occurs.
RTO - Recovery Time objective - max acceptable time before data is made available after failure
MTTR - Mean time to recovery - average time that a device takes to recover from any failure
MTTF - Mean time to failure - Represents the length of time that an item is expected to last in operation until it fails.
MTBF - Mean time between failures - How long an asset can run before the next unplanned breakdown happens.
RTT - Round trip time - duration in ms it takes for a network request to go from a starting point to a destination and back
Snapshot copies
A storage snapshot is a copy of the live storage volume taken at a particular time.
Can be used to recover files/objects from that snapshot.
Recover files and volumes that were accidentally deleted
Restore corrupted files
Snapshot-based replication can be used for backup and DR.
Replication
Creating an exact copy of the data in another location or another device.
Local replication is within the same system or the same data center. (Quick)
Remote replication is to a remote secondary site. (Covers site-wide outages.) Can be sync, async or semi-sync.
Sync - waits for the write to be written to the remote before ack
Async - confirms the write to the client before it is written to the remote. This can create lag.
NetApp: ONTAP DR solutions
SnapMirror Asynchronous - You can use data protection mirror replications to protect volumes: within an SVM to another SVM in the same cluster or to another cluster.
SnapMirror Synchronous (SMS) - zero data loss, rapid recovery.
MetroCluster software - provides zero data loss, failover protection and nondisruptive upgrades
Supports SAN and NAS. Available as MetroCluster FC or MetroCluster IP
Data Backups
A data backup is an additional copy of production data either cold or hot
Cold backup - requires complete shutdown of application - undesirable in a 24/7 business
Hot backup - application remains online, application must be designed to run in a hot backup mode.
Data backup types
Full - backs up everything
Cumulative incremental - backs up everything that has changed since the last full backup
Differential incremental - backs up everything that has changed since the last incremental
Incremental forever - uses only 1 full backup for all incremental backups afterwards
Components in a backup environment
Primary backup server
Secondary backup server (storage node)
Backup target (disk or tape)
Backup Client software
Backup topologies
LAN-Based backup - data is sent over an IP network (either production LAN or backup LAN)
LAN-free backup - data is backed up over the SAN, backup catalog data over the LAN
SAN backup - same as LAN-free backup
NDMP backup - Network Data Management Protocol; used for filesystem backups. For NAS backups
Storage Security
Triangle of security: Confidentiality, integrity, availability
Confidentiality - data is accessible to only authorised users
Integrity - data is always accurate and complete
Availability - data is available to users when they require it.
Key security Mechanisms
Network Level
Firewall
IDS/IPS
VLAN
Zoning
Storage level
Access Control
LUN masking
Data encryption
Firewall, IDS/IPS, VLAN, zoning
Firewall - A system that monitors IP traffic and uses rules to allow or disallow traffic.
IDS/IPS - intrusion detection and Intrusion prevention
VLAN - logical LAN network.
Zoning - SAN switch control of initiators and targets
Access Control, LUN masking
Access Control
Authentication (usernames, passwords, multifactor authentication)
Authorisation (determines what rights you have, full, RW, Read only)
LUN masking
Assignment of a LUN to a specific host based upon its WWN host details.
NetApp Encryption Solutions
NetApp Storage Encryption (NSE)
NetApp Volume Encryption (NVE)
NetApp Aggregate Encryption (NAE)
NetApp Self-Encrypting Drive (SED)
Cluster peer encryption - encrypts between peers
Data at rest - hardware based on the individual system
Data in flight - for NFS, CIFS and SMB
Data Governance
Set of principles and practices that help an enterprise to manage its internal and external data flows
Prerequisite to maintaining business compliance
Effective data governance strategy - covers people, process and technology
Risk Management
Evaluate Threats - external
Assess exposure - potential damage from data security and privacy breach
Enforcing using technology - encryption based security, storage access controls, audit logging
Review people and processes - classification, role, separation, authentication quorum requirements, need to know, auditing
Compliance Overview
Regulations that a business must follow to protect sensitive digital assets
Compliance is not the same thing as security.
If you do business in another state, follow that state’s compliance requirements and considerations.
There are consequences of non-compliance; Loss of brand reputation, severe penalties, business disruption.
Policies, regulations and laws
SEC 17a-4
HIPAA
Sarbanes-Oxley Act (SOX) - Patient records, financial records, etc
General Data protection regulation (GDPR)
Other regulations
Data Archiving
Long-term data retention and regulatory compliance requirements
Data archiving options (WORM, CAS)
Benefits - reduce storage cost
Challenges - Legal compliance, growing data volumes
Auditing
Auditing provides the touchpoints that are necessary to regulate data use within an organisation
Monitor user action
Track authentication failures
Monitor invalid login attempts
Track permissions