News
6/3/2011
12:08 PM
George Crump
George Crump
Commentary
50%
50%

How To Design A 100 Year Data Retention Strategy

A cost effective hardware strategy is only the first step, a process and software strategy is vital to identifying for retention and moving it from primary storage.

100 years is a long time to retain anything let alone electronic data. While not everyone needs to retain data for that long, most organizations have retention needs at least in the seven to 10 year range. Most modern storage systems, however, are not designed to last more than five years, so how to create a storage strategy that can retain data for more than a century?

There are two components to a 100-year retention strategy. The first is to develop a hardware strategy that can cost effectively store that data for the next 100 years. The second is to develop a software and process strategy that will identify and move data to the retention storage area, ideally removing it from primary storage. I believe we need to be driving toward a data center where primary storage is small, fast, and only used for the most active set of data. Even at today's prices, many environments could be solid-state storage only for their primary tier.

I am specifically avoiding calling this storage area an archive tier. Using the term archive implies that this data will be moved to the archive, never to be accessed again. Thanks to initiatives like analytics, litigation management, and compliance, this data will be accessed and the system needs to be able to deliver that data in a timely manner relative to its age and no matter what all the data needs to be easily found.

This does not mean though that the disk tier needs to be disk only. I struggle with how organizations are going to afford to be able to keep 100 years of data on spinning disk. I don’t think all the power management and deduplication in the world is not going to make 100 years of disk only retention a reality. Additionally tape has overcome some of its challenges when it comes to use as a long term archive specifically in the form of the Long Term File System (LTFS) as we discuss in our article "What is LTFS?". The answer for the retention storage area is going to be a mixture of tape and disk.

The disk component needs to be a scaleable infrastructure where nodes of storage can be added to the disk area. More importantly, as we describe in our recent article "Building Affordable, Scalable Storage Infrastructures", these scaleable designs need to support mixed node types. This means nodes of varying disk capacity and processor types but still acting as one within the cluster. This is important because it allows for a rolling migration of storage nodes as equipment ages. Meaning that, over time, you can add new nodes with the latest processors and storage while at the same time gradually deactivating older nodes. This allows you to upgrade the cluster but not have to do a massive data migration, which, depending on the archive, may be almost impossible because of the capacity of the storage area.

The size of the disk component of this retention tier though should be kept at a reasonable level for what you need. Analytics (Big Data) will need to be larger because of the amount of data that needs to be scanned. Compliance and other forms of retention areas can have smaller disk areas but will still be large in comparison to primary storage. The fact that scale out systems can potentially scale to hundreds of nodes does not mean that you want to power, cool, and protect hundreds of nodes. At some point, and I know the disk guys won't like this, you really do need to push to tape. In the past, I have advocated for a disk only repository but LTFS in large part changes all that. I’ll explain why and how to use tape in this 100 year retention strategy in our next entry.

Follow Storage Switzerland on Twitter

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Storage Switzerland's disclosure statement.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.