Tennessee Bank Kills Two Birds with One VTL Stone

Sometimes the search for a particular solution can lead to unexpected benefits in other areas. This was the case at GreenBank, a Tennessee financial firm that was looking for a way to encrypt the tape backups from its IBM i5/OS server. When the company’s IT manager realized that he could get encryption and, at the same time, eliminate GreenBank’s reliance on tape-based backups by adopting a disk-based virtual tape library (VTL) from Crossroads Systems, it was too good an opportunity to pass up.

GreenBank provides loans and other financial services to people and businesses through 65 branches in eastern and middle Tennessee, Virginia, and North Carolina. The publicly traded company, which has $2.5 billion in assets, traces its roots to 1890, making it a staple of the eastern Tennessee town of Greeneville, where it’s headquartered.

In 2009, the bank decided that it needed to encrypt its backup data in order to comply with industry regulations, like PCI and SOX. At that time, the bank relied on LTO-3 tape drives to create backups. Because encryption technology wasn’t added to the LTO line until generation 4, the bank would have needed to buy newer LTO drives and cartridges if it wanted to stick with tape.

If the solution was this simple, GreenBank might have just upgraded its LTO drives, and been done with it. But the situation was complicated somewhat because there were some incompatibilities between the LTO encryption routines and SilverLake, GreenBank’s core banking system from Jack Henry & Associates. According to GreenBank’s IT manager, Jason O’Dell, GreenBank would have needed to spend an additional five-figure sum with Jack Henry to obtain a new encryption appliance, above and beyond the cost of the new LTO gear alone.

So O’Dell kept looking. In an ideal world, he would have given the business to ExaGrid Systems, the Massachusetts company that makes the de-duplication and disk-to-disk (D2D) appliances that GreenBank uses for its Windows servers. But ExaGrid does not support the System i server, so the search continued.

VTL to the Rescue

One day, one of O’Dell’s IT suppliers, the consumer and enterprise hardware and software reseller CDW, recommended he take a look at SPHiNX, a D2D and VTL appliance that Crossroads Systems of Austin, Texas, launched in September 2009. At that time, CDW didn’t resell the SPHiNX (it now does), so O’Dell was encouraged to call them directly.

Crossroads developed SPHiNX specifically to tackle the System i and IBM i-based Power Systems market. Thanks to emulation, the device appears as a bunch of SCSI-connected LTO-4 tape drives to the server, but it stores the data on bundles of RAID-protected disks instead. Users can store terabytes of data on their SPHiNX devices, and a Web interface provides a relatively easy way to configure the device and retrieve data. Many customers buy SPHiNX devices in pairs, and link them through CrossRoads data replication technology. The SPHiNX also supports AES-256 encryption, the capability to IPL directly from the VTL (a big deal for many IBM i shops), and the capability to write to tape drives.

O’Dell called CrossRoads and requested a 30-day trial to measure SPHiNX performance in his shop. As it turned out, it was a very good (but not perfect) fit for GreenBank right out of the box. The IT manager realized that the VTL would not only satisfy the bank’s need for data encryption, but came with a bonus: the elimination of tape for primary backups.

Axing the Tape-Based Processes

O’Dell wanted to eliminate the tapes and all the human-based processes that surround it. But that desire played second fiddle to the primary goal, which was encryption. O’Dell realized he might be able to satisfy both of these goals, and to do so for a lower price than he had been quoted for a tape-based encryption solution alone.

The implementation was not without its hurdles. The first go-around showed some performance issues in the replication of data from the primary VTL at GreenBank’s headquarters and the secondary VTL located at the bank’s disaster recovery site, 100 miles away.

According to O’Dell, the two VTLs could not effectively utilize GreenBank’s big OC3 data pipe connecting the two sites, resulting in slower-than-expected replication times. O’Dell shared this information with the engineers at Crossroads, and, to his delight, they were eager to work with him to find a solution, which involved splitting the replication jobs into multiple data streams that GreenBank’s WAN could more effectively use. (That function has since been made a standard feature of the product.)

That Crossroads was willing to work with GreenBank impressed O’Dell. “The development folks came on site to get it functioning the way we wanted it to, and when we finished, we were actually getting what we needed and what we wanted,” he says. “It was open communication.”

Efficiencies Abound

GreenBank went live with SPHiNX in March, and O’Dell has been very happy with the performance since.

Every night, the device backs up about 110 GB of data, encrypts it, and replicates it over the WAN to the second VTL located at the DR site. The entire process takes about 1.5 hours, which is about twice as long as (non-encrypted) backups took before. This timeframe is within acceptable standards for GreenBank, which is not a 24/7 operation.

In total, the bank has about 7.7 TB of data stored on the two SPHiNX devices, which are equipped with 9 TB of storage each. The list price for these 9-TB devices is about $20,000 each, while extras like encryption, replication, and connections to more external storage add to the price. This is approximately what GreenBank would have had to pay Jack Henry for the software that adapted the SilverLake backup processes to handle LTO encryption, which would have been above and beyond the cost of the LTO gear.

While the two VTLs represent a net outlay for GreenBank, the bank saves money in other ways. For starters, O’Dell doesn’t have to spend tens of thousands of dollars investing in new LTO drives and cartridges.

But the biggest benefit may be the elimination of nightly car trips to transport tapes. The night operator previously had to drive about an hour from GreenBank’s headquarters to a secondary facility (not the DR site) to drop off the tapes. Since GreenBank is now replicating the data directly to the DR site over the WAN, those car trips are no longer needed.

Similarly, whenever a piece of data needs to be recovered, it doesn’t require another car trip to retrieve the tape (and it had better be the right tape, or the operator gets to turn around and do the trip again). Fewer car trips also reduce carbon emissions and bolster GreenBank’s reputation as a “green” company.

O’Dell found a way to get encryption, and eliminate the reliance on tape as the first line of defense of data loss, for a price that was less than he was asked to pay for a tape-based encryption solution alone. (In some circles, this is sometimes referred to as a “no brainer.”) GreenBank can still make encrypted or unencrypted tape backups from the SPHiNX device (a feature that came in handy during the trial period), but except for the occasional full system save, the twin SPHiNX devices are the primary line of defense for GreenBank.

“We were looking for a way to get encryption,” O’Dell says. “But when we went down that road, we said, ‘If we’re going to spend the money for encryption, we also want to do D2D backups,’ and this was the solution that was brought to us.”

In the corporate IT world, if you’re presented a way to kill two birds with one stone, it’s often a good decision to make.

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot