I am in the unfortunate position of my backup methodology being declared as noncompliant for SOX. I will outline briefly what and how I do things and hope that someone can either corroborate or dispute my assertions that I am compliant.
We do GFS backups to the SAN without verification since there is no potential of media problems (bad tape). The SAN is tested by nature of actual frequent restores and monthly tape copies. All requested restores normally are done from the SAN with the LTO tape copies as extra assurance for long term archiving.
At the beginning of every month, I run this scripted TapeCopy of every monthly tape as per the following example:
tapecopy -s NOTES_D -d LTO -t M-NOTES-TUE-05/31/05 -c TM-NOTES-TUE-05/31/05 -m MLY_TAPE -g
With the -g switch, after the copy has successfully completed, the physical LTO tape is then read and merged into the catalog DB. All this is then logged to a tpcopyxxxx.log file, a sample of which I have enclosed. I contend that the TapeCopy tests both the SAN *virtual* tape's integrity, and also the physical LTO tape's integrity. The physical LTO tape is further verified because the merge operation reads from the physical tape. In my opinion, the entire copy and merge operation is more of a test of the LTO tape media than any single test restore.
The SOx auditor does not accept this and insists that I must test each and every tape by doing test restores and that I must then retain the test results for two years.
The problem I have with that is two fold. First, my scripted TapeCopy is asynchronous (disconnects from the actual submitted job) so it does not know when the copy and subsequent merge operation completes so that I could automate a sequenced test restore. The system will not queue up multiple requests, so to play it safe, I copy one tape per day. I rely on the tpcopyxxxx.log for verification. The second problem then is that if I did test restores, the resultant logs would be buried in the one large (32 meg) monolithic BrightStor.log file. It would be a tedious task to extract the specific job details to satisfy SOx reporting.
I am being told that I must maintain the logs for two full years! I suspect the tpcopyxxxx.log files would never be pruned automatically but the BrightStor.log I doubt would retain two years of details and even if it did, finding and extracting the specific request would be very tedious.
Code:
11:42:26 ************************************************************
*----------Computer Associates Tape Copy Utility,----------*
*Copyright (c) 2004 Computer Associates International, Inc.*
*-------------------All rights reserved.-------------------*
************************************************************
COMMAND LINE: tapecopy -s NOTES_D -d LTO -t M-NOTES-TUE-05/31/05 -c TM-NOTES-TUE-05/31/05 -m MLY_TAPE -g
Tsi connection established as [TAPECOPY-f08]
Tapes are in the device groups: src- NOTES_D , trg- LTO
Connecting to tapes...
Connecting to source tape name [M-NOTES-TUE-05/31/05] rid [42c1] seq [1] s/n[1200000].
Connecting to target tape [] rid [0] seq [0] s/n [ARS223L1]
Making the destination tape a non-mux tape.
Positioning source tape..
Positioning target tape..
Starting session on source tape..
Starting session on target tape..
Session 1 started on source
Session 1 started on target
Session 1 copied from source tape to
Session 1 on the target tape
Kb copied : 2920192
Total time : 1.2 minutes
Throughput : 2539.297 mb/min
Session 2 started on target
Session 2 copied from source tape to
Session 2 on the target tape
Kb copied : 119606336
Total time : 42.1 minutes
Throughput : 2839.161 mb/min
Session 3 started on target
Session 3 copied from source tape to
Session 3 on the target tape
Kb copied : 453440
Total time : 0.2 minutes
Throughput : 2650.404 mb/min
Session 4 started on target
Session 4 copied from source tape to
Session 4 on the target tape
Kb copied : 3761984
Total time : 1.4 minutes
Throughput : 2713.393 mb/min
Session 5 started on target
Session 5 copied from source tape to
Session 5 on the target tape
Kb copied : 39543744
Total time : 16.3 minutes
Throughput : 2426.848 mb/min
Session 6 started on target
Session 6 copied from source tape to
Session 6 on the target tape
Kb copied : 246784
Total time : 0.1 minutes
Throughput : 2493.607 mb/min
Session 7 started on target
Session 7 copied from source tape to
Session 7 on the target tape
Kb copied : 31937344
Total time : 12.9 minutes
Throughput : 2471.669 mb/min
Session 8 started on target
Session 8 copied from source tape to
Session 8 on the target tape
Kb copied : 1408
Total time : 0.0 minutes
Throughput : 491.163 mb/min
Merging tape: [TM-NOTES-TUE-05/31/05] rid [42c1] seq [1] s/n[ARS223L1] into database...
Scheduled for 9/20/2005-13:02
Adding tape name [TM-NOTES-TUE-05/31/05] rid [42c1] seq [1] s/n[ARS223L1] into media pool: [MLY_TAPE]
Tape Copy ended successfully
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
