

In continuous data replication methods or mirroring solutions, accidental or malicious data deletion and unintended encryption are also replicated to the backup copy, which defeats the purpose of a high availability solution. In addition, regulatory requirements may require certain organizations in specific industries, such as finance or health care, to protect replicated data from content-level destruction.

FlashCopy facilitates the creation of point-in-time images. However, as the host still has access to the FlashCopy target volumes, it is still possible for the data to be deleted, modified or encrypted. A point-in-time image could also be lost if the FlashCopy relationship is removed by a storage administrator or if the images are created again later.

To provide logical data corruption protection, these point-in-time images must be safeguarded in all of the above scenarios.

IBM DS8000 systems at DS8880 release 8.5 and above use Safeguarded Copy (SGC) functionality to create air-gapped copies of data that are not directly accessible to a host system. SGC is more secure and space efficient than FlashCopy, and a better fit for the purpose of logical corruption protection. It also provides controls to ensure that copies are not created at less than a pre-defined interval.

SGC is normally implemented alongside an existing HA / DR solution to provide logical data corruption protection, and it is implemented using two different interfaces:

  1. Storage Management CLI or Storage Management GUI: Accessible to storage administrators to perform logical configuration of storage and creation of Safeguarded Backup Capacity.

  2. Fully licensed Copy Services Manager 6.2.3 or later and GDPS® 4.2 or later. The management software provides the ability to create, delete and recover backups and to define policies for expiration.

With well-defined segregation of roles, the creation, deletion and recovery of copies could also be protected from the storage administrators themselves. These copies could be used for data validation, forensic analysis and recovery in case of suspected logical data corruption.

A production system can have hundreds of volumes from one or more storage systems. Safeguarded Copy functionality can create crash-consistent copies across all volumes in a Safeguarded Copy session.

For each volume to be protected, a dedicated thinly provisioned Safeguarded Backup Capacity (SBC) is created using DSCLI or DSGUI. Without any backup, this capacity is purely virtual. The virtual space required for SBC should be large enough to accommodate the frequency of backups, the retention period and the number of tracks changed since the last backup. Running out of Safeguarded Backup Capacity does not cause write inhibit to the source volume. However, the oldest backup is automatically deleted. Starting with DS8880 release 8.5 SP7 and DS8900F release 9.1, it is possible to dynamically expand the Safeguarded Backup Capacity.
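The sizing behaviour described above can be explored with a small model. This is an added example, not IBM's sizing formula or code from the original article: it replays a series of backups against one volume's capacity and shows how many recovery points survive when the oldest backup is dropped on exhaustion. The function names, the assumption that each backup consumes space equal to the data changed since the previous one, and the sample figures are all constructed for illustration.

```python
from collections import deque

def required_capacity(changed_gib, retention):
    """Smallest capacity that never forces an eviction: the largest
    sum of changed data over any `retention` consecutive backups."""
    return max(sum(changed_gib[i:i + retention])
               for i in range(max(1, len(changed_gib) - retention + 1)))

def simulate(capacity_gib, changed_gib, retention):
    """Replay backups against one volume's Safeguarded Backup Capacity.

    Model assumptions (not IBM's sizing formula): a backup consumes
    space equal to the data changed since the previous backup, and a
    backup larger than the whole capacity cannot be kept at all.
    Returns (ids of backups still recoverable, forced evictions).
    """
    kept, used, forced = deque(), 0, 0
    for backup_id, changed in enumerate(changed_gib):
        # Normal expiration policy: keep at most `retention` backups.
        while len(kept) >= retention:
            used -= kept.popleft()[1]
        # Out of capacity: source writes continue, oldest backup goes.
        while kept and used + changed > capacity_gib:
            used -= kept.popleft()[1]
            forced += 1
        if changed <= capacity_gib:
            kept.append((backup_id, changed))
            used += changed
    return [b for b, _ in kept], forced

# Constructed sample: GiB changed between backups; third interval is busy.
CHANGES = [10, 10, 40]

if __name__ == "__main__":
    need = required_capacity(CHANGES, retention=3)
    print("capacity for full retention:", need, "GiB")
    for cap in (need, 45):
        ids, forced = simulate(cap, CHANGES, retention=3)
        print(f"{cap} GiB -> recoverable backups {ids}, forced evictions {forced}")
```

In this model an undersized capacity silently shortens retention after a high-change interval, so forced evictions are worth monitoring alongside the expiration policy.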

Data can only be used when a backup is recovered to a separate recovery volume. The number of recovery volumes required equals the number of production volumes. Each recovery volume must have at least the same capacity as its Safeguarded Copy source volume. The recovery system can be an existing production system or a separate system.