You are previewing Data Protection and Information Lifecycle Management.
O'Reilly logo
Data Protection and Information Lifecycle Management

Book Description

The Definitive Guide to Protecting Enterprise Data

Your enterprise data is your most critical asset. If it's compromised, your business can be destroyed. Don't let that happen-leverage today's state-of-the-art strategies, best practices, and technologies and protect your critical information. In Data Protection and Information Lifecycle Management, leading industry consultant Tom Petrocelli presents a systematic, coherent approach to planning and implementing cost-effective data protection.

This book introduces Information Lifecycle Management (ILM), a powerful new strategy for managing enterprise information based on its value over time. The author explains emerging techniques for protecting storage systems and storage networks, and for integrating storage security into your overall security plan. He also presents new technical advances and opportunities to improve existing data-protection processes, including backup/restore, replication, and remote copy.

Coverage includes

  • A complete, unique framework for considering and planning data protection

  • Understanding storage technology from the standpoint of data protection

  • Architecting more effective backup/restore solutions

  • Using remote copy and replication to keep data synchronized and support immediate failover to hot sites

  • Leveraging core computer security concepts and strategies to protect your most critical data

  • Securing your entire storage infrastructure, not just servers

  • Using policy-driven data protection and Data Lifecycle Management (DLM) to improve security and reduce cost

  • Using ILM to identify your highest-value data and choose the right ways to protect it

Data Protection and Information Lifecycle Management is an indispensable resource for IT executives who must plan and implement strategies for data protection; administrators who must protect data on a day-to-day basis; and product managers, consultants, and marketers responsible for crafting superior data-security solutions.



Table of Contents

  1. Copyright
    1. Dedication
  2. Acknowledgments
  3. About the Author
  4. Preface
    1. Who Is This Book For?
    2. How This Book Is Arranged
    3. What You Will Take Away from This Book
  5. 1. Introduction to Data Protection
    1. What Does Data Protection Mean?
    2. A Model for Information, Data, and Storage
    3. Why Is Data Protection Important to the Enterprise?
    4. Data Loss and Business Risk
      1. The Effect of Lost Data on Business Operations
        1. Risk to Sales
        2. Inability to Operate
        3. Lawsuits and Fines
        4. Theft of Information
      2. Reasons for Data Loss
        1. Disasters
        2. Security Breaches
        3. Accidental Data Loss
        4. System Failure
    5. Connectivity: The Risk Multiplier
    6. Business Continuity: The Importance of Data Availability to Business Operations
    7. The Changing Face of Data Protection
      1. Remote Data Movement and Copy
      2. Disk-Based Backup
      3. Networked Storage
      4. Information Lifecycle Management
    8. Key Points
  6. 2. An Overview of Storage Technology
    1. A Quick History of Data Storage
      1. The Roles of Different Storage Devices
      2. Arrays, Libraries, and Jukeboxes
    2. Storage I/O Basics
      1. How Data Is Accessed and Stored on Media
      2. Access Time
        1. Latency
        2. Transfer Time
      3. Streaming Tape
    3. The I/O Stack
      1. Block I/O
      2. File I/O
      3. RAID
        1. RAID Controllers
    4. Direct Attach Storage
      1. SCSI
        1. Targets and Initiators
        2. SCSI Addressing
        3. Parallel SCSI
        4. Serial Attached SCSI (SAS)
        5. The SCSI Protocol
        6. LUN Masking
      2. ATA
        1. Serial ATA (SATA)
    5. Network Attached Storage (NAS)
      1. The File Head
      2. Storage Architectures Using NAS
      3. File Server Replacement
        1. Web Server Farms
    6. Storage Area Networks
      1. SAN Components
      2. Fibre Channel (FC)
        1. Fibre Channel Network Stack
        2. Fibre Channel Topology: Point-to-Point, Fabrics, and Loops
        3. Fibre Channel Addressing
        4. Fibre Channel SAN Components
        5. Zoning
        6. Port Blocking
      3. IP-Based SANs
        1. iSCSI
    7. Extending SANs over MAN and WAN
    8. Key Points
  7. 3. Backup and Restore
    1. The First Line of Defense
    2. Designing Storage Systems for Backup and Recovery
      1. Recovery Time Objective and Recovery Point Objective
      2. Internal DAS Backup
      3. External DAS Backup
      4. LAN-Based Backup
      5. SAN Backup
        1. LAN-Free Backup
        2. Server-less Backup
      6. Backing Up NAS
        1. NAS and SANs in Backup
        2. NAS Backup Using NDMP
      7. Backup and Restore Software
    3. Recovering from Disaster: Restoring Data
    4. Things That Go Wrong with Restore Operations
      1. Bad Media
      2. Data Corruption
      3. Network Congestion
    5. Tape Backup
    6. Disk-to-Disk Backup
    7. Disk-to-Disk to Tape
    8. Backup and Restore Practices
      1. Single-Tape Backup
      2. Rotating Backups
      3. Full and Incremental Backups
      4. Selective Backup and Restore
    9. Application-Level Backup and Recovery
      1. Structured Object Backup Constraints
      2. Off-Site Backups
      3. SAN Backup Deployment Steps
    10. Case Study: Bingham McCutchen
    11. Key Points
  8. 4. Remote Copy and Replication: Moving Data to a Safe Location
    1. How Remote Copy and Replication Are Different from Backup
    2. Remote Copy
      1. Failover
      2. Remote Copy Topologies
        1. Host-Based
        2. Disk System
        3. Network-Based Copy
    3. Design Considerations for Remote Copy
      1. Bandwidth
      2. The Causes of Network Latency
        1. Distances
      3. Synchronous and Asynchronous Remote Copy
      4. Bunkering
      5. Cost Considerations
    4. Replication
      1. Database and E-Mail Replication
      2. File Replication
    5. Case Study: PdMain
    6. Key Points
  9. 5. Basic Security Concepts
    1. Least Privilege
    2. Security Posture
    3. Defense in Depth
      1. Perimeter Defense
        1. Firewalls
        2. Intrusion Detection Systems and Intrusion Response Systems
      2. Host and Application Defense
      3. Authentication and Access Control
        1. Two-Factor and Multifactor Authentication
        2. User versus Host Authentication
    4. Diversity of Defense
    5. Encryption
    6. Typical Attacks
      1. Denial of Service
      2. Exploiting Programmer Errors
      3. Man-in-the-Middle Attacks
      4. Viruses and Trojan Horses
    7. Key Points
  10. 6. Storage System Security
    1. The Role of Storage Security in Enterprise Data Protection
    2. DAS Security
    3. SAN Security
      1. Fibre Channel Vulnerabilities
      2. Lack of User Account Authentication
        1. Soft Zoning and World Wide Name (WWN) Spoofing
        2. No Protocol-Level Encryption
        3. Inadequate Isolation
        4. Fibre Channel Arbitrated Loop and LIPs
        5. Fibre Channel over IP: Effects of Gateway Devices
        6. Management Interfaces: IP and Vendor API
        7. Bypassing the File System
        8. Using Fibre Channel Analyzers
        9. In a Nutshell: All Are Trusted
      3. IP-Based SAN Vulnerabilities
        1. Authentication in iSCSI
        2. SCSI Attacks from Unknown or Spoofed Hosts
        3. DoS Attacks
        4. Firewalls Do Not Speak iSCSI
        5. Multiple TCP/IP Connections
        6. Software and Configuration Holes Exploitable by External Hackers
      4. Attack Vectors Common to All SCSI Storage Devices
        1. Inline Management through SCSI Commands: SCSI Enclosure Services
        2. LUN Masking and Locking Uncovered
        3. Controllers Susceptible to Server Type Programming Errors
      5. NAS Security
      6. Securing Files Through Access Control and Encryption
        1. Manual Encryption
        2. Automated Encryption
    4. Internal and External Vectors
    5. Risk
      1. Outcomes of Storage Security Breaches
      2. Connectivity as a Risk Multiplier
      3. Vendor Lock-In
    6. Security Practices for Storage
      1. Separate Networks for Management
      2. Hard Zoning in FC Networks
      3. Strong Application and Host Security
      4. SAN System Management Software
      5. Secure SAN Switch Operating Systems
      6. Manage IP Connections
      7. Use LUN Locking in Addition to LUN Masking
      8. Use Encryption
      9. A Storage Security Checklist
    7. Secure Fibre Channel Protocols: FC-SP and FCAP
    8. Case Study: Transend Services
    9. Key Points
  11. 7. Policy-Based Data Protection
    1. Difficulties with Data Protection Strategies
      1. What Is Policy-Based Data Protection?
      2. Policy Development Guidelines
      3. A Sample Data Protection Policy
      4. The Reasons Policy-Based Strategies Fail
    2. Data Lifecycle Management (DLM)
      1. Data Lifecycle Management and Data Protection
      2. DLM Policies
        1. DLM Automation
        2. Multi-tier Storage Architectures
    3. Key Points
  12. 8. Information Lifecycle Management
    1. Information Assurance and Data Protection
    2. What Is Information Lifecycle Management?
      1. Information Has Value
      2. Misconceptions Around ILM
      3. Why Bother with ILM?
    3. Unstructured and Structured Information
    4. The Importance of Context
      1. Different Types of Context
      2. Characteristics of Information
    5. Determining and Managing Information Context
      1. The Anatomy of an E-Mail
      2. Classification
      3. State
      4. Tracking State and History
      5. Content
    6. Location and the Information Perimeter
      1. Information Path
      2. Information Perimeter
    7. The Information Lifecycle
      1. A General Model
      2. Life and Death of Information
    8. An ILM Schema
    9. Matching Information Value to Protection Options
    10. The Changing Value of Information
    11. Regulatory Concerns
      1. Sarbanes-Oxley
      2. Health Insurance Portability and Accountability Act
      3. E-Privacy Directive (Directive 2002/58/EC)
      4. Other Regulations and Laws
    12. Protecting Information Using ILM Policies
    13. Controlling Information Protection Costs
    14. Automating ILM
      1. Policy Engines
      2. Search and Classification Engines
      3. ILM Auditing and Tracking
      4. Content Addressed Storage
      5. Information Movers
    15. Case Study: MidAmerica Bank
    16. Key Points
  13. A. XML Schemas and Document Type Definitions for Policy Statements
  14. B. Resources
    1. Books Worth Reading
    2. Organizations and Conferences
    3. Web Sites Worth Visiting
    4. Government Documents and Resources
  15. C. Acronyms
  16. Glossary
  17. Bibliography