[Info-vax] Meditech in the news

Thu Jan 13 19:17:41 EST 2022

>-----Original Message-----
>From: Info-vax <info-vax-bounces at rbnsn.com> On Behalf Of Arne Vajhøj via
>Info-vax
>Sent: January-12-22 7:44 PM
>To: info-vax at rbnsn.com
>Cc: Arne Vajhøj <arne at vajhoej.dk>
>Subject: Re: [Info-vax] Meditech in the news
>
>On 1/12/2022 5:23 PM, George Cornelius wrote:
>> Arne Vajh?j <arne at vajhoej.dk> wrote:
>> [...]
>>> Hewlett Packard said in a letter published by Kyoto University on
>>> December 29, 2021 that it took "100% responsibility" for the issue
>>> ...
>>> HPE said: "The backup script includes a find command to delete log
>>> files older than 10 days. In addition to functional improvement of
>>> the script, the variable name passed to the find command for deletion
>>> was changed to improve visibility and readability."
>>> ...
>>> The company added: "However, there was a lack of consideration in the
>>> release procedure of this modified script. We were not aware of the
>>> side effects of this behavior and released the [updated] script,
>>> overwriting [a bash script] while it was still running," HPE
>>> admitted. "This resulted in the reloading of the modified shell
>>> script in the middle of the execution, resulting in undefined
>>> variables. As a result, the original log files in /LARGE0 [backup
>>> disc storage] were deleted instead of the original process of deleting
files
>saved in the log directory."
>>> </quote>
>>
>> Say what you will, 100% online backup storage does not replace
>> magnetic tapes that are removed from tape drives and moved to a tape
>> rack or an external vault when the backup is complete.
>>
>> Backups should be physically secured, or at least something close to
>> that: an interlock associated with each backup such that it takes more
>> than mere programmatic action by root to overwrite it. Now that
>> ransomware takes steps to erase your backups, an interlock that
>> requires human intervention, perhaps at the storage array console
>> itself, in order to be overridden, should be the norm, not the
>> exception.
>
>There is certainly advantages of having backups on tape.
>
>But with hundreds of TB then the effort to do proper tape backup is
>significant.
>
>Arne
>

The traditional best practice backup strategy is often referred to 3-2-1.
This translates to 3 copies of data = 2 local (live + disk backup) + 1
offline with an air gap. 

By air gap, this usually refers to an offline copy in a separate facility,
so you have a copy that is not destroyed by a significant facility ending
event.

While storage increases have certainly put a strain on traditional tape
sub-systems and associated backup strategies, it should be noted that tape
technologies like LTO have also been seeing very large increases in speed
and capacity.

Reference:
<https://www.lto.org/>
<https://www.lto.org/lto-9/>
- 18TB per single cartridge, 45TB compressed.

<https://www.quantum.com/en/products/tape-storage/>
Large tape library can support up to 540PB (yes, PB) tape storage

One biggie for tape is that current LTO tape solutions will do a write, then
read-back for every write. Disks just do a write, unless you do a
backup/verify type operation.

In todays "Cloud" (aka outsourcing) world, here is what can happen using the
traditional cloud backup if there is no air gap between your data and your
backups:
<https://www.networkcomputing.com/cloud-infrastructure/code-spaces-lesson-cl
oud-backup>

Regards,

Kerry Main
Kerry dot main at starkgaming dot com

-- 
This email has been checked for viruses by AVG.
https://www.avg.com