IBM Storage Defender

IBM Storage Defender

Early threat detection and secure data recovery

Β View Only

πŸ—„οΈ Future-Proof Your Data: Copy Retention Sets to IBM Storage Deep Archive using IBM Storage Protect πŸš€

By Sachin Jadhav posted Fri April 03, 2026 09:24 AM

  
Would you like increased security, scalability, and cost-efficient long-term data retention? IBM Storage Protect now enables you to copy retention sets to IBM Storage Deep Archive using the S3 Glacier interface.


To strengthen data protection strategies, you can copy retention sets to cloud object storage or tape storage.

  • By copying retention sets to standard cloud storage, organizations gain an additional layer of protection for active or frequently accessed data.

  • By copying retention sets to archive cloud storage, organizations ensure long-term protection for data that is infrequently accessed.

  • By copying retention sets to tape storage and storing volumes at a secure offsite location, organizations can protect data from onsite disasters and ransomware attacks.

Building on these capabilities, IBM Storage Protect now supports copying retention sets to IBM Storage Deep Archive by using an AWS S3 Glacier–compatible interface.

IBM Storage Deep Archive is purpose-built for large-scale, long-term data preservation. Built on the Diamondback tape backend, it combines the durability and cost efficiency of tape with the simplicity of object storage access. By exposing an S3 Glacier interface, it integrates seamlessly with IBM Storage Protect, allowing organizations to extend retention protection without modifying existing backup or retention workflows.

βš™οΈ Key Capabilities of IBM Storage Deep Archive for Retention Set Copy

  • Copy retention sets to a cloud storage pool with device type GLACIER

  • Use IBM Storage Deep Archive as a tape-based archive through the S3 Glacier interface

  • Enable existing IBM Storage Deep Archive appliances as retention targets

  • Support immutable retention sets for cyber-resiliency and regulatory compliance

πŸ” Prerequisite: Configure TLS Certificates

Before configuring a connection to IBM Storage Deep Archive, ensure that secure communication is established using TLS certificates.

IBM Storage Deep Archive uses Transport Layer Security (TLS) to encrypt communication. To enable this, you must add the required certificate to the IBM Storage Protect CA certificates keystore.

Steps:

  1. Generate or obtain the TLS certificate file.
    (For more information, see     S3 certificate management.)

  2. Import the certificate into the CA certificates keystore:

sudo keytool -importcert -noprompt -trustcacerts \
    -keystore cacerts \
    -alias diamondback_s3 \
    -storepass changeit \
    -file tls.pem

  1. Restart the IBM Storage Protect server to apply the changes.

πŸ› οΈ Configuration Overview

To configure a retention set copy to IBM Storage Deep Archive, follow these steps:

  1. Define a cloud connection on the IBM Storage Protect server by using cloudtype=S3.
    For example:
    define connection deeparchive5 cloudtype=s3 cloudurl=https://diamondback-s3.gdl.mex.ibm.com:443bucketname=sandbkt5 identity=***** password=*********** description="Connection to DeepArchive S3"

  2. Specify the IBM Storage Deep Archive endpoint and the S3 Glacier bucket

  3. Create a cloud device class with CloudStorageClass=GLACIER.
    For example:
    define devc DC_CLOUD_DEEPARCHIVE5 devt=cloudconnection=DEEPARCHIVE5 CLOUDSTORAGECLASS=GLACIER

  4. Define a retention storage pool that uses the cloud device class.
    For example:
    define STGPool RETENTIONPOOL5 DC_CLOUD_DEEPARCHIVE5 POOLTYPE=RETENTION description="Retention pool based on Deep Archive"

  5. Define a retention rule to copy retention set data for the required nodes and filespaces.
    For example:
    define retrule retention_test_onetime5 RHEL92ISV "/home" retention=3 startdate=TODAY startt=now destination=RETENTIONPOOL5

  6. Run the retention rule to copy the data to IBM Storage Deep Archive
    For example:
    start stgrule RETENTIONPOOL5

  7. Query retention set to display detailed information about retention set data.
    For example:
    query retset <retset_id>

🧩 Syntax view

DEFine CONNection <connection_name>

β”œβ”€β”€ CLOUDType = S3

β”œβ”€β”€ CLOUDUrl = <deep_archive_endpoint>

β”œβ”€β”€ BUCKETName = <glacier_bucket>

β”œβ”€β”€ IDentity = <access_key>

└── PAssword = <secret_key>

β”‚

β–Ό

DEFine DEVclass <devclass_name>

β”œβ”€β”€ DEVType = CLOUD

β”œβ”€β”€ CLOUDType = S3

β”œβ”€β”€ CLOUDCONNection = <connection_name>

└── CLOUDSTORAGEClass = GLACIER

β”‚

β–Ό

DEFine STGpool <retention_pool_name>

β”œβ”€β”€ POOLType = RETENTION

└── DEVclass = <devclass_name>

β”‚

β–Ό

DEFine RETentionrule <rule_name>

β”œβ”€β”€ NODES = <assigned_nodes> and <assigned_filespaces>

└── STGpool = <retention_pool_name>

β”‚

β–Ό

RUN RETentionrule <rule_name>

β”‚

β–Ό

IBM Storage Deep Archive

(S3 Glacier bucket on tape)


IBM Storage Deep Archive uses TLS certificates to ensure encrypted communication. Before defining the cloud connection, administrators must generate and import the required certificate into the IBM Storage Protect CA certificates keystore and restart the server.

πŸ”„ Recovery and Use Cases

  • Copy retention sets from IBM Storage Protect to IBM Storage Deep Archive

  • List available retention sets

  • Restore files using point-in-time (PIT) date and time

  • Verify that archived objects use the Glacier storage class

⏱️ Restoring Data Using Point-in-Time Recovery

After retention sets are copied to IBM Storage Deep Archive, administrators can restore data using point-in-time (PIT) recovery through the IBM Storage Protect administrative interface.

Example commands:

  1. List backup versions of files as they existed at the specified point-in-time:
    query backup {/home/hannigan/build}/* -su=y -pitdate=01/07/2019 -pittime=17:00:00

  2. Initiate expedited retrieval of retention set data from Deep Archive to make it available for restore:
    STAGE VOLUME retset=<retset_id> retrievaltype=URGENT duration=<num_of_days> action=stage

  3. Display details of the retention set volumes and their staging requirements before retrieval:
    STAGE VOLUME retset=<retset_id> action=preview

  4. Check the current status of an ongoing or completed staging (retrieval) request:
    STAGE VOLUME retset=<retset_id> action=checkstatus

  5. Restore files to their state at the specified point-in-time:
    restore {/home/hannigan/build}/* -su=y -pitdate=01/07/2019 -pittime=17:00:00

πŸ—„οΈ Long-Term Retention Benefits

By combining immutable retention sets with tape-based deep archive storage, this enhancement delivers a scalable, secure, and cost-efficient solution for long-term data retention.

πŸ“– Reference:

For more information, see Copying retention sets in IBM Documentation.

0 comments
27 views

Permalink

https://community.ibm.com/community/user/blogs/sachin-jadhav/2026/04/03/future-proof-your-data-copy-retention-sets-to-ibm