Module 4: Data availability And Data Protection

Question 1

Importance of data availability

Answer 1

Data is a critical input to more business processes.

Protect against:
Host server failure
Network crash
Storage failure
Operation system failure

Remove Singe Points of Failure (SPoF)

Question 2

What is High Availablity

Answer 2

The ability to provide redundant devices, components or objects in an environment so that you have a cover should have of the primary items fail.

Question 3

NETAPP HA Pair

Answer 3

Made up of two nodes.
Connected by an internal interconnect. (HA Interconnect) for fault tolerance.

Each node in a HA pair requires an interconnect to the disks and controller of the other node.

Question 4

Fault Tolerance

Answer 4

Business’s continuity of mission-critical applications
Continuation of operations at a reduce level rather than failing completely
Configuration for multiple paths (such as dual hbas to servers).

Question 5

Traditional Reasons for Data Protection

Answer 5

Disasters (natural, human-made, technology or other failures)
External Threats (DDos, virus, ransomware, other external threats)
Regulatory Compliance (Sec 17a-4, HIPPA, Sarbanes-Oxley act, GDPR, and others)
Internal threats (rogue admins, malicious insiders, email theft and others.)

Question 6

Business Continuity

Answer 6

Maintains essential functions during and after a disaster has occurred
Requires a business continuity plan (guard against future disasters, ensure generation of revenue during disaster)
Requires embedded flexibility and resilience into business continuity planning.

Question 7

Business Continuity Key Metric

Answer 7

RPO- RecoverPoint objective - Max acceptable time that data can be lost if failure occurs.
RTO - Recovery Time objective - max acceptable time before data is made available after failure

MTTR - Mean time to recovery - average time that a device takes to recover from any failure
MTTF - Mean time to failure - Represents the length of time that an item is expected to last in operation until it fails.
MTBF - Mean time between failures - How long an asset can run before the next unplanned breakdown happens.
RTT - Round trip time - duration in ms it takes for a network request to from a starting point to a destination and back

Question 8

Snapshot copies

Answer 8

A storage snapshot is a copy of the live storage volume which taken at a particular time.
Can be used to recover files/objects from that snapshot.

Recover files and volumes that were accidentally deleted
Restore corrupted files
Snapshot-based replication can be used for backup and DR.

Question 9

Replication

Answer 9

Creating an exact copy of the data in another location or another device.
Local replication is within the same system or the same data Center. (Quick)
Remote replication is to a remote secondary site. (Covers site wide outages). Can be sync, a-sync semi-sync.

Sync - waits for the write to be written to remote before ack
A-sync - confirms before write to the client is written to the remote. This can create LAG

Question 10

Netapp: ONTAP DR solutions

Answer 10

Snapmirror Asynchronous - You can use data protection mirror replications to protect volumes: within a SVM to another SVM in the same cluster or to another cluster.

Snapmirror Synchronous (SMS) - zero data lost, rapid recovery.

Metro cluster Software - provides zero data loss, failover protection and nondisruptive upgrades
Supports SAN and NAS. Available as MetroCluster FC or MetroCluster IP

Question 11

Data Backups

Answer 11

A data backup is an additional copy of production data either cold or hot

Cold backup - requires complete shutdown of application - undesirable in a 24/7 business
Hot backup - application remains online, application must be designed to run in a hot backup mode.

Question 12

Data backup types

Answer 12

Full - backs up everything
Cumulative incremental - backups up everything that has changed since the last full backup
Differential Incremental - backups up everything that has changed since the last incremental
Incremental forever - uses only 1 full backup for all incremental backups afterwards

Question 13

Components in a backup environment

Answer 13

Primary backup server
Secondary backup server (storage node)
Backup target (disk or tape)
Backup Client software

Question 14

Backup topologies

Answer 14

LAN-Based backup - data is sent over an IP network (either production LAN or backup LAN)
LAN-free backup - data is backed up over the san, backup catalog data over the LAN
SAN backup - same as LAN-free backup
NDMP backup - used for filesystem backups Network data management protocol. For NAS backups

Question 15

Storage Security

Answer 15

Triangle of security: Confidentiality, integrity, availability

Confidentiality - data is accessible to only authorised users
Integrity - data is always accurate and complete
Availability - data is available to users when they require it.

Question 16

Key security Mechanisms

Answer 16

Network Level
Firewall
IDS/IPS
VLAN
Zoning

Storage level
Access Control
LUN masking
Data encryption

Question 17

Firewall, IDS/IPS, VLAN, zoning

Answer 17

Firewall - A system that monitors IP traffic and uses rules to allow or disallow traffic.
IDS/IPS - intrusion detection and Intrusion prevention
VLAN - logical LAN network.
Zoning - SAN switch control of initiators and targets

Question 18

Access Control, lun masking

Answer 18

Access Control
Authentication (usernames passwords. Multifactor Authentication)
Authorisation (determines what rights you have, full, RW, Read only)

LUN masking
Assignment of a LUN to a specific host based upon it wwn host details.

Question 19

Netapp Encryption Solutions

Answer 19

Netapp Storage Encryption (NSE)
Netapp Volume encryption (NVE)
Netapp Aggreate Encryption (NAE)
Netapp Self-encryption drive (SED)

Cluster peer encryption - encrypts between peers
Data at rest - hardware based on the individual system
Data in flight - for NFS, CIFS and SMB

Question 20

Data Governance

Answer 20

Set of principles and practice that help an enterprise to manage its internal and external data flows

Prerequisite to maintaining business compliance

Effective data governance strategy - covers people, process and technology

Question 21

Risk Management

Answer 21

Evaluate Threats - external
Access exposure - potential damage from data security and privacy breach
Enforcing using technology - encryption based security, storage access controls, audit logging
Review people and processes - classification, role, separation, authentication quorum requirements, need to know, auditing

Question 22

Compliance Overview

Answer 22

Regulations that a business must follow to protect sensitive digital asssets

Compliance is not the same thing as security.

If you do business in another state, follow that state’s compliance requirements and considerations.

There are consequences of non-compliance; Loss of brand reputation, severe penalties, business disruption.

Question 23

Policies, regulations and laws

Answer 23

Sec 17a-4
HIPAA
Sarbanes-Oxley Act (SOX) - Patient records, financial records, etc
General Data protection regulation (GDPR)
Other regulations

Question 24

Data Archiving

Answer 24

Long-term data retention and regulatory compliance requirements
Data archiving options (worm, CAS)
Benefits - reduce storage cost
Challenges - Legal compliance, growing data volumes

Question 25

Auditing

Answer 25

Auditing provides the touchpoints that are necessary to regulate data use within an organisation

Monitor user action
Track authentication failures
Monitor invalid login attempts
Track permissions