Every day the Pas-de-Calais (PdC) fire brigade receives requests for call recordings from the police and courts. Such emergency calls are all recorded and must be retained for 15 years.

But the optical media used to store them had become increasingly onerous to use. Not least among the limitations was that it was incredibly time-consuming to find and recover information from 10 years ago or more on a collection of CDs.  So, the time had come to move to a more scalable and accessible method of backup and archiving.

The brigade has about 5,000 employees and volunteers. There are 1,400 professional firefighters and up to 3,500 volunteers, with 300 administrative and technical staff.

Its HQ is at Arras, with three datacentres that run 140 VMware virtual servers on 16 Cisco UCS blades. Apart from Microsoft Office 365, nothing runs in the cloud. The force uses electronic vaulting services to meet its legal obligations regarding digitised invoices and other legal documents.

Victim files held for 10 years

It was a little over a year ago that the PdC fire brigade decided to get two StorageCraft OneXafe data protection backup appliances with 12 disks of 10TB. Capacity totals 120TB raw capacity installed in two server rooms.

The OneXafe series is built on scale-out NAS storage with the company’s ShadowXafe backup software on board.

OneXafe boxes offer scale-out file access storage onto an underlying object store, with a single parallel file system across all instances.

The StorageCraft product is the latest in an emerging class of backup appliances that merge backup software with storage hardware, but with scale-out capability.

Unlike standalone backup appliances, backup appliance nodes can be built out into grid-like clusters of backup/secondary storage capacity.

Key players are Rubrik and Cohesity, with established backup software makers CommVault and Veritas also getting onto the bandwagon.

A key aim of the purchase for the PdC fire brigade, apart from getting good value, was that it would be scalable in the face of growing data protection requirements.

“With the coming of the pandemic, we started doing a lot of video-conferencing calls, which we had to record,” said Frederic Van Camp, CIO at the brigade. “That would include meetings around tender processes, the results of which could be contested and so proof is required.”

The brigade also wanted to digitise medical reports, which need to be kept for 10 years. There is also drone footage. So, one of the advantages of the StorageCraft appliances is the ability to accept any drive, no matter its capacity or speed.

Van Camp highlighted other factors that motivated the brigade’s buying choices. First was the fact that OneXafe runs on a Dell chassis, which meant his team could benefit from Dell hardware support, which was reassuring. So, for example, if the brigade runs into an issue, it can call StorageCraft’s 24×7 support and if it is a hardware problem, a Dell technician is sent out within four hours.

Object storage

Data stored is well protected against malware. “We work in object storage mode, with snapshots taken every 90 seconds,” said Florian Malecki, marketing director at StorageCraft. “Ransomware can’t erase data, encrypt it or block access. With every change, new objects are created.”

Audio calls, video and reports are all well suited to object storage because they are not subject to later modification. But security measures don’t stop there. Snapshots are protected on Data Domain hardware, with backups also copied to tape and moved to a physical fire-proof safe at another site.

With two StorageCraft appliances deployed, the PdC fire brigade plans to buy another for its site at Hénin-Beaumont ,near Lens. “If there’s a problem at Arras, the data is replicated to Hénin-Beaumont,” said Van Camp. “The Arras site is near an airport, with a Seveso-classified factory also close. With those nearby, we have to think the unthinkable with regard to the safety of our data.”

The brigade is also thinking of ways to deal with security differently in future, with ideas mooted to completely segment its networks so that attack surfaces are reduced.

“I envisage segmenting by service using virtualisation,” said Van Camp. “Instead of updating workstations, we’d just update the servers. That way, I can be sure the 1,200 workstations have the latest updates. That’s a process that is often complicated because an update can go wrong or there are PCs that just haven’t been turned on in a long time.”



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here