Unlike most existing backup software and media, which are designed for short-to-medium-term disaster recovery, the Archive Disk archiving system addresses all requirements of a true long-term storage solution. By using archival-grade media, adding RAID-like data redundancy, providing data security and implementing an automated archival and restore process, Archive Disk long-term archiving offers a cost-effective and “green” way to securely store data for decades.
Gathering archive data from source systems. Our first release requires this data to be file-based, but connections to databases and other types of storage will be implemented in future versions. Since the Archive Disk software is commonly used in forensic environments, data integrity (using cryptographic hashes) and traceability are key features: if the logs indicate that data has been transferred, you can rest assured this has indeed been done successfully. If the files to be archived are suitable for this, data compression can be applied as well.
Since archive sets will most likely be stored outside the normal, protected IT environment, it’s important that the archive media do not pose a security risk. This is ensured through the use of AES-256 encryption, using a strong, random secret key per archive set. This renders the Blu-ray disks effectively unreadable to anyone except authorized users.
The secret key for each archive set can be securely distributed to multiple parties using the built-in public/private key infrastructure (PKI), with optional Active Directory integration. To handle the scenario where an individual leaves the organization before the end of the storage life of the media sets for which he or she received key material, the software supports one-click bulk key transfers, which allow these keys to be easily transferred to a successor. Key revocation is also supported, but only for deployments with a permanently on-line certification authority (CA): if off-line decryption is required, key revocation will require a new archive set to be created with a new key and the existing archive set to be destroyed.
To prevent archive sets from becoming unavailable due to loss of all copies of the associated encryption key, the software supports the use of last-resort disaster recovery keys. These keys use a multi-level partitioning scheme, which, for example, allows paper copies of the decryption key to be safely stored along with the archive set.
RAID-like data redundancy. Even if archival-grade media are used, it’s not possible to offer a 100% guarantee that stored data will not degrade over time. For increased data security, the Archive Disk software allows two levels of redundancy to be added to protect the archive set:
Future-proof restore mechanism. To allow archived data to be restored, even if the original Archive Disk software is no longer available, each Blu-ray disk contains all documentation and source code for the encoding and encryption mechanisms used. As long as the archive set encryption key is still available, accessing the data should be possible, even in the face of significant technological changes.
Managed archive/restore queues. When archiving data from multiple source systems, the Archive Disk server ensures optimal performance as well as flexible scheduling by using gateway servers. This way, archival data can be transferred without impacting regular operations, and at times when sufficient capacity is available at the Blu-ray server to actually process the data. If required, urgent archival jobs can be prioritized.
Archive set metadata storage and tracking. Each archive set can have mandatory and optional metadata associated with it, in order to easily find archive sets based on identifiers already in use in the organization, such as case number, customer number or accounting period. If archive sets are shipped to different locations, the Archive Disk software can keep track of the movement and current location of these sets through barcode or RFID scanning.
Integrated lifecycle management. The Archive Disk server software has limited support for lifecycle management: prior to data being added to an archive, it can be copied to near-line storage, and optionally made immutable. If a full lifecycle management system is already in use in an organization, our software can most likely be integrated with that as well.