LTFS as NAS Architecture
Linear Tape File System as Network Attached Storage
LTFS as NAS Architecture provides the lowest cost form of archive storage. Total cost of ownership for tape is a fraction of that spent with disk-based storage systems. They can reliably and cost-effectively archive data for years or even decades reducing operating costs dramatically
(electricity, cooling, maintenance and capacity upgrades).
Advantages of using a Tape as NAS solution compared to traditional disk-based archiving system
LTO tape is designed for 15 to 30 years of archival storage.
Error rate 1000 better than hard disk (SATA)
QStar LTFS as NAS architecture virtualizes a tape library, effectively converting it into network-attached storage – NAS for sharing with multiple users and applications.
Users can browse the file system using Explorer type searches while “archive aware” applications, such as MAMs, Video Surveillance, Healthcare PACS and email archive, can archive data directly to a network share or mount the tape library.
The solution supports common networking protocols (SMB and NFS) plus S3 compatible API commands and is integrates on either a Windows or Linux server.
Files that are stored in a LTFS as NAS environment are retrieved in the same manner as the native operating system, even though the data is actually stored in a tape library.
Not only do users not realize that the volume (file system) they are accessing was created on tape and not on disk, but, through a sophisticated cache architecture, the read/write data activity is managed so effectively, that performance is comparable to a NAS device.
Transparency is such that the architecture is also supported by virtual machine (VM) environments, even though the VM environment is not designed to support tape drives; existing applications installed in a VM can access the Tape as NAS architecture just like a standard NAS disk. Data can be accessed transparently over the network.
The majority of files are rarely accessed more than 30 days after their creation, and many are never opened twice. Most static files stay online by default, frequently on expensive primary and secondary storage disks. Holding so much inactive data in the original storage locations is extremely costly over the years. The QStar LTFS as NAS solution is designed specifically to combat the relentless explosion of data, cut local storage infrastructure costs and optimize data. The solution provides transparent and automatic migration of static files from local infrastructure to the LTFS as NAS archive, using attributes such as date created, modified, accessed, file owner, size and extension. Meanwhile, it restores data to its original location in real time, completely transparently to applications, network and users.
Many companies still confuse backup and archiving!
Essentially, backup is always a copy while an archive is the original that
was removed from its initial location and archived for long-term safe retention.
QStar has significantly enhanced LTFS functionality by including the Volume-Spanning option long before its market competitors. This function can combine all media contained within a tape library as one or multiple volumes. Basically, all media in the tape library can be made to appear as a single (or multiple) share(s) or a standard Windows folder, capable of growing in size automatically as new data is archived, through a fully automatic and unattended process. This approach not only removes the complexity of handling hundreds or thousands of volumes assigned to each single medium, but also does away with the manual cartridge selection process.
LTFS offline media management
File location information is stored in an internal database within the cache. All files, even for those no longer in the library following a media export, can be discovered. Should a user or application request the exported files, the system will automatically notify the storage administrator by email, providing the barcode details of the cartridge containing the required files. Media within the spanned volume can be removed from the tape library and will continue to appear in the shared / mounted volume, provided that the extended retrieval times in question can be tolerated.
The LTFS as NAS environment requires no external backup, it protects archived data by making multiple media copies for use in the event of disaster. Should, for any reason, a file on primary media (retained in the library) become unreadable, other copies of the damaged file will be automatically requested and used. LTFS as NAS implement a sophisticate active check data control for data already written to tape. To ensure the integrity of data all the time, media integrity scans are run periodically to ensure data on primary media is readable and remedial steps is taken in real time.
The Media Copy function lets you create one or more identical copies of the media already present in the tape library. This operation can also be scheduled for off-peak times. As a rule, these copies are then exported from the library and stored in secure locations.
The Incremental Copy function writes a second copy to secondary media at scheduled intervals (typically at night). This allows all available tape drives to be used for standard read/write operations during peak hours. Incremental copying then copies only the data that has been added to the primary copy that day.
Once both primary and secondary media copies are full, it is recommended that the secondary copy be exported and stored in a secure location. The Multiple Incremental Copy function works just like Incremental Copy, the difference being that it makes several incremental copies that are rotated in and out of the tape library. This function offers a further level of protection: the copies can be frequently exported, thus reducing the risk in the event of disaster.
The Multiple Incremental Copy function works just like Incremental Copy, the difference being that it makes several incremental copies that are rotated in and out of the tape library. This function offers a further level of protection: the copies can be frequently exported, thus reducing the risk in the event of disaster.
To prevent files in the archive from being accidentally or deliberately deleted or overwritten, the LTFS as NAS solution supports Retention Management that can set all files and metadata to read-only status for a predetermined period of time. A retention time is created for each integral volume at the cache level. Once this time has expired, the cached data and metadata is returned to standard read/write status and can be deleted.
The increased popularity of Active Archive tape-based architecture was driven by the introduction of the Linear Tape File System (LTFS) standard initially introduced with LTO-5. The LTFS format complies with standard ISO/IEC 20919:2016. The format guarantees media interchange between operating systems and different archive system manufacturers who have adopted it.
The Active Archive can import LTFS media created outside of the main archive, e.g. from a remote site or another manufacturer who has adopted this standard. LTFS media can be imported in order to be transferred between different remote sites; likewise, LTFS media created within the local Active Archive environment can be exported and read by other solutions based on the same LTFS standard.
The key advantage of the LTFS ISO standard is the option of transferring recorded media between different operating systems, applications and platforms that employ this format so that the tape can be used just like a disk. You can even drag and drop files from folders on the server to the tape using a standard operating system directory.
3D Gateway migrates and archives data securely across multiple copies and locations and different LTO media in the local LTFS as NAS Active Archive. LTO rewritable media in general offers very high-level data archive security. For all cases where data must not be altered accidentally or must comply with regulatory archiving standards, there is also a non-rewritable LTO WORM version. The LTO WORM cartridge was developed to allow organizations to store critical data which once written cannot be overwritten or tampered with.
Another benefit of LTO WORM media is its compliance with various regulatory requirements including the 2002 Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and SEC Rule 17-a-4(f). The data can be also encrypted for an even higher level of security. LTO tapes can be encrypted with 256-bit AES-GCM encryption, and the data can be compressed prior to encryption to maximize tape capacity and provide high performance archiving.
An LTO WORM Cartridge is identical to a normal LTO cartridge except that its LTO-CM chip identifies it as WORM to the drive and the servo track is slightly different to allow verification that the data has not been modified. It may also come with tamper proof screws. WORM-capable drives immediately recognize WORM cartridges and include a unique WORM ID with every dataset written to the tape. There is nothing different about the actual tape medium in a WORM cartridge, though typically, WORM cartridges do have a different color packaging.
In recent years we have seen an enormous growth in criminal activity via malware, hacking and, above all, ransomware. This last is an incredibly effective addition to the already vast category of cyber threats that have been around for some years. Sadly, criminal activity is evolving as fast as data protection. It is quite impossible to feel safe just by installing software, even of the latest generation, to protect against such criminality. These days we need top level security measures that go beyond the traditional systems. News stories abound of organizations that have spent millions of dollars in infrastructure security only to fall hopeless victims to attack. Ransomware comes in a variety of forms. Lock-screen ransomware, as the name suggests, causes the PC to freeze and show a message demanding payment, making the computer unusable until the malware is removed. While this is a nuisance for users, it generally only involves a single PC, and is usually relatively easy to remove. The rapidly emerging ransomware cryptography, on the other hand, is a gigantic threat to companies since it can permanently block the whole corporate network. Files remain encrypted until the company pays up to receive the decryption key – always assuming that the criminals actual hand it over once they have been paid. The immediate question this raises is how can we trust such people? Not to mention the worry that decryption might not even work after paying a ransom. Companies that have suffered an attack, and unfortunately there are plenty of them, as so often happens realized too late that they had underestimated this increasingly widespread danger. Backup protection is one of the most basic ways to systematically combat the threat, but it is not sufficient on its own. Today’s company backups use storage systems with data deduplication based on hard disks and usually an internal embedded Linux server to manage the actual deduplication system, that can be easily attacked, blocking all backups! Even in the most fortunate of cases, backups do not save very recent data, so data loss is in any case inevitable. QStar has developed a specific technology and methodology to protect customers from ransomware attacks thanks to a super secure archive that does not allow direct access to its content.
Inactive data security using “Data at Rest Encryption”
“Data at rest” is a definition used to describe all data in storage; this therefore excludes all data residing in temporary memory (RAM), data to be read and/or updated or in transit across the network. Data at rest can also mean files that have not changed or are modified only rarely.
Data at rest may also refer to data that is regulated but not subject to change. Examples include all important files stored on company disks, the servers of a SAN network or files on service provider servers used for off-site backups and of course
LTFS tapes used as part of an Active Archive are by definition easily transported and read by multiple solutions on multiple operating systems. Encryption is a key element in preventing unauthorized access to this information. Using this method, cartridges can only be read by those in possession of the correct decryption key.
Active Archive LTFS as NAS primarily uses the encryption option provided by tape drives. Encrypt and decrypt operations are performed automatically as part of the tape write / read operation. There is no overhead to using tape drive encryption as each tape drive includes a specific encryption chip to undertake these operations. QStar recommends that all tape media containing confidential information be encrypted. Until recently, all encryption key management systems used their own proprietary procedures. Today tape libraries mainly encrypt data using the Key Management Interoperability Protocol (KMIP) Specification that is governed by the Organization for the Advancement of Structured Information Standards (OASIS). The KMIP Specification guarantees a key management procedure conforming to a market-approved standard and offering maximum protection for encrypted data. QStar provides an encryption option as well, although this is typically only used for non-tape based archives, such as archiving to cloud storage.
QStar developed a proprietary file system using Volume Spanning to manage tape libraries almost a decade before the current LTFS format was introduced on the market. In some respects, the TDO file system does offer certain advantages over the LTFS format. Unlike the latter, a single file can be spanned across two different media (File Spanning). Performance is slightly improved as media formatted with TDO does not use multiple partitions. TDO and LTFS file systems can coexist within the same tape library, if required.
|LTFS||TDO QStar Format|
|Open standard (portability)||Yes (governed by ISO/IEC 20916:2016)||No|
|Files can span multiple tapes||No, files cannot be spanned with standard LTFS 2.2||Yes, QStar fills tapes to capacity before advancing to the next tape in the set.|
|WORM media support||No||Yes|
|Limitations on filename length and allowed characters||Yes||No|
|File size sensitivity||Performance favors large files (GBs)||No file size sensitivity|
|Block replication support||No||Yes|
|File replication support||Yes||Yes|
Extreme levels of data consistency and integrity in case of disaster with the TDO QStar file system
Each TDO integral volume database remains on the cache and stores information about all activities for each individual archived file, including all replicated or copied locations. In order to guarantee data integrity, the database is written periodically to each tape media in the integral volume. Should the cached database or server be destroyed or become corrupted, the entire database can be quickly reconstructed by reading the last cartridge in each media set and rebuilding each integral volume.
With LTFS and LTO technologies, you can rest assured that your digital assets are protected in a simple, cost-effective and secure system.
The QStar Kaleidos is an S3-compliant object storage platform that enables enterprises and service providers to build reliable, private, hybrid or public cloud storage environments that deliver reliability, security and unlimited scalability.
Kaleidos offers enterprise-class customers a tremendous reduction in TCO compared with traditional NAS/SAN storage, unlimited scalability, superior data protection and flexibility, while achieving improved customer retention through enhanced service delivery (SLA), reduced acquisition costs, and enhanced agility through global accessibility across all end user devices.
Kaleidos Object Storage is made with standard high-performance capacity servers. QStar Object Storage Manager (OSM) software runs on all server nodes and forms a cluster to provide a single pool of storage resources across all nodes.
QStar Storage Reporter lets you perform detailed analysis of data composition in the existing storage infrastructure, provides key statistics on existing storage infrastructures without interrupting business operations. Storage Reporter will take just a few hours to perform an assessment of storage rather than the weeks normally required to carry out such a task. Storage Reporter is simple to install and run. Results of the scan are stored in a database, allowing many reports to be generated without the need to rescan each time. QStar Storage Reporter means that storage infrastructure optimization is really just a click away. Key report formats are conveniently pre-configured and results can be displayed graphically or non-graphically (table format). Custom reports can also be created, as needed. Any report can be exported as a txt or xml file, by selecting the Export button. Once exported, the file can be opened using MS Excel. Running Simulated Reports is a way of determining how the storage would look after a migration has taken place in order to create a simulated report a policy must be created.