This section gives an overview of LTFS-LE and explains the general principles of its security.
Today, tape storage faces the threat of being relegated entirely into the backup and archive market, even as customers beg for a more cost efficient storage platform that could be used for nearline storage because of perceived usability and performance issues. The pioneering groundwork from StorageTek and Sun engineers to eradicate this attack line from disk vendors finally manifested itself in 2010 with the debut of the Linear Tape File System (LTFS) for single tape drives. First released as an open-source specification by IBM and the LTO consortium, LTFS allows a single drive to be treated like a thumb drive or memory stick. This new presentation abstracted the pains of tape storage and made it more usable. In addition, it opened new possibilities for increasing the value of tape as industries that require their storage to be portable now have a cost-effective storage platform.
Oracle adopted the specification with its T10000C tape drive. However, LTFS for a single drive has limited value for both the customer and Oracle. Extending LTFS to an entire library allows customers to essentially have thousands of thumb drives. They can then manage petabytes of data in their library through just a basic desktop explorer interface. Not only does this make tape easier to use, it also gives users peace of mind because all their content is written in an open format. Customers will no longer be chained to their backup application or other proprietary format. In addition, the portability benefits are greatly enhanced. Finally, LTFS – Library Edition (LTFS-LE) enables future Oracle applications and middleware to use tape as a storage format by providing a single, simple access point.
There are three aspects to LTFS-LE security: physical, network, and user access.
It is required that LTFS-LE is installed on a standalone server within an organization's data center. Physical access to the server would be dictated by customer company policy.
The following principles are fundamental to using any product securely.
One of the principles of good security practice is to keep all software versions and patches up to date. This document is for the software level of:
LTFS-LE Release 1.0 or higher
Note:
It is expected that libraries, library software, and drives also meet minimum firmware version levels that are connected to the LTFS-LE application. These firmware levels are specified in the LTFS-LE release notes.Keep the LTFS-LE host server behind a data center firewall. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls. Identifying the hosts allowed to attach to the library and blocking all other hosts is recommended where possible.