I would recommend that your legal staff be involved in any decision to externalize your data.
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
The people of Israel live
The Eternal One of Israel does not lie

________________________________________
From: IBM Mainframe Discussion List <[email protected]> on behalf of Russell Witt <[email protected]>
Sent: Tuesday, October 21, 2025 9:28 PM
To: [email protected] <[email protected]>
Subject: Re: Tape retention Discussion

Peter,

As others have stated, just because you write to virtual-tape doesn't mean retention isn't just as important. Just finished a SEV-1 because a client had accidentally scratched 10,000 volumes that they didn't mean to (lucky for them, their "Expire-Hold" was 2 days and they figured out what they did right away).

One item I didn't notice discussed was the concept of the cyber-backup copy as opposed to the DR backup copy. A DR backup is normally only kept for 3-5 cycles. So if you back up your data once-a-day and your virtual-tape system is replicated offsite - in my opinion only 3 to 5 cycles should be sufficient for most DR restores. To be honest, if you have to go to anything EXCEPT the latest backup you must have had something more than a simple disaster.

Now, a cyber-backup is different. And that depends on how paranoid you are regarding bad-actors getting into your system. Of course the best defense against bad actors is a strong firewall up front to keep everyone not authorized out. But that doesn't stop the bad actor that is already on the payroll. I have heard that the average time that a bad actor is active on the system before being detected is measured in weeks/months. So, I have heard of some sites that are now looking for cyber backups that are kept for 3-9 months. That becomes a LOT of data, even with TS7700's with TS7760's attached to them.

One option that some clients are looking at is going to the cloud. A cyber-backup (again, different from a DR backup) falls into the "write once, read never" category which is cheap storage from the public cloud providers. Of course, mainframe data MUST be encrypted AT-HOME (on the Mainframe) before it gets sent to the Cloud. The options where you encrypt the data in the Cloud are like the person that keeps their spare key under the welcome mat. The encryption and the data storage itself should be kept at arm's length from each other (in my opinion). Plus, if the data is encrypted in the Cloud itself it is not being encrypted at the file-level (a requirement for PCI-DSS V4.0).

But this is simply my 2-cents...

Russell Witt
CA 1 Architect
Broadcom

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Peter
Sent: Tuesday, October 14, 2025 10:57 PM
To: [email protected]
Subject: Tape retention Discussion

Hello

Just trying to understand some of your experience about physical tape backup. I know almost most of the shops are tapeless.

But when you had physical tape,

1) What are the files you backed up to 3590?
2) What was the retention period you followed for database, system volumes and user datasets?
3) Generally, to recover an entire lpar from a physical tape, a volume level backup for an entire lpar would suffice?

Any information on the above would help me to research further.

Regards
Peter

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
