Database Retention Question... on Amazon RDS

From: Schneider <schneider_at_ardentperf.com>
Date: Wed, 3 May 2017 11:31:55 +0000
Message-ID: <CA+fnDAbNUw=x6w0f=PdviB=y18NWJ04pG9rZhXVBvbd1PuCDQg_at_mail.gmail.com>

This has been a really interesting thread.

Now, I'm curious: what if you were running your application on Amazon RDS Aurora? How would you deal with this situation where legal requires you to retain an image of today's data in its "native" state for 6 years?

-Jeremy

P.S. A quick google search turned up one related article here https://www.ediscoverylaw.com/2017/02/court-grants-motion-to-compel-reproduction-in-requested-format/

On Mon, May 1, 2017 at 2:24 PM, Dimensional DBA <dimensional.dba_at_comcast.net
> wrote:

> I have a worked at a few companies that has mothballed complete systems
> including SW as you don’t know if even the hardware will run the software
> any more depending on the OS you are running (AIX, HPUX, etc)
>
>
>
> This has been a standard problem since the Dec 2007 Supreme court ruling
> on evidence being available in its native electronic form.
>
>
>
> If your company isn’t using one of the email programs that duplicate all
> email or haven’t turned on MRM in MS Exchange then you may already be in
> violation of
>
> “They insist we keep every version of every email because deleting any is
> considered “destroying evidence”. “
>
>
>
> Compliance is fairly straight forward from a database perspective in you
> ensuring you have backups and that you test the backups. Everything else
> falls in someone else’s area of concern such as the backup team, the email
> team and the legal team in reviewing processes to meet current to data
> compliance rules that morph over time based on ongoing court cases.
>
>
>
> Saving the VM images may be problematic also as the versions of the VMWare
> ops center moves upward not always being fully backwards compatible older
> images. Keeping a copy running can be problematic if something goes wrong
> and you have to rebuild and don’t have all the components to do so.
>
>
>
>
>
> Normally there is no legal requirement to keep it online, that part is
> probably from your legal team, but in reality when you get to the keeping
> of all versions of the backups, you are not keeping a live version of the
> system at each backup point online only the last running version of the
> system.
>
>
>
> You can always take that last running backup of the system and continue to
> upgrade the database SW and the OS, so that you don’t have worry about age
> out, but that doesn’t help you with
>
>
>
> In some cases this is not a technical problem anymore. I have seen legal
> teams use programs to save off the email into single file pdf format
> instead of maintaining them in the original Email systems.
>
>
>
>
>
>
>
> *From:* oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_
> freelists.org] *On Behalf Of *Scott Canaan
> *Sent:* Monday, May 1, 2017 6:27 AM
>
> True, but that’s not my call.
>
>
>
>
> *From:* oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_
> freelists.org <oracle-l-bounce_at_freelists.org>] *On Behalf Of *Reen,
> Elizabeth
> *Sent:* Monday, May 01, 2017 9:24 AM
>
>
>
> This is where calculating the cost of fighting it vs settling
> comes in. Sometimes settling is cheaper.
>
>
>
> Liz
>
>
>
>
> *From:* Scott Canaan [mailto:srcdco_at_rit.edu <srcdco_at_rit.edu>]
> *Sent:* Monday, May 01, 2017 9:19 AM
>
>
>
> There is no pushing back on the lawyers. They insist we keep every
> version of every email because deleting any is considered “destroying
> evidence”. They (and the courts) don’t care about cost or technical
> issues. When they want the data, we have to supply it or get fined and,
> most likely, lose whatever case is against us. In this case the data being
> saved is the timekeeping system for hourly employees.
>
>
>
>
> *From:* Reen, Elizabeth [mailto:elizabeth.reen_at_citi.com
> <elizabeth.reen_at_citi.com>]
> *Sent:* Monday, May 01, 2017 9:16 AM
>
>
>
> Agreed, wish I had that option 10 years ago. Push back on the lawyers.
> Do they really need all of the backups or will a couple suffice. They tend
> to be very conservative about preserving evidence.
>
>
>
> Liz
>
>
>
>
>
>
>
> *From:* Scott Canaan [mailto:srcdco_at_rit.edu <srcdco_at_rit.edu>]
> *Sent:* Monday, May 01, 2017 8:59 AM
>
>
>
> This was one of the first things we thought of, however there are 28
> backups to keep running (4 databases x 7 days each), which becomes
> unwieldly very quickly.
>
>
>
> What we are looking at doing is putting all 4 databases into one VM, then
> taking a VM snapshot of the entire environment, which gets us down to 7
> snapshots to save and that way the O/S and Oracle software are also
> preserved with the databases. That’s what I’ve gathered from the responses
> here is the best way to go.
>
>
>
>
> *From:* Reen, Elizabeth [mailto:elizabeth.reen_at_citi.com
> <elizabeth.reen_at_citi.com>]
> *Sent:* Friday, April 28, 2017 4:29 PM
>
>
>
> What I have ended up doing is just keeping the copy on a
> database, upgrading and patching as needed. Expensive, yes. Data always
> available, yes. What you have to lose if you lose the case should dictate
> how you keep the data.
>
>
>
> Liz
>
>
>
>
>
>
>
> *From:* oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_
> freelists.org <oracle-l-bounce_at_freelists.org>] *On Behalf Of *Scott Canaan
> *Sent:* Thursday, April 27, 2017 1:16 PM
> *To:* oracle-l_at_freelists.org
> *Subject:* Database Retention Question
>
>
>
> We are trying to find a workable solution to a rather large problem. One
> system has an Oracle database in Red Hat 6 and Oracle 11.2.0.4. Last
> August, there was a legal request to freeze 28 different backups of this
> database. That was done by the systems team, via CommVault (using RMAN).
> By asking more questions, it has come to light that any and / or all of
> those backups need to be quickly accessible as Oracle databases until Aug.
> 31, 2023. When I mentioned to our legal department that there’s no way
> that I can guarantee that whatever version of Oracle we’ll be using in 5,
> 6, 7 years will be able to even open the database files, the response was
> “you have to guarantee that the data is available if required in a
> lawsuit. No excuses are accepted by the courts.”.
>
>
>
> We’ve toyed with a couple of possible options. One is to keep a Red Hat 6
> / Oracle 11.2.0.4 environment running until Sept. 1, 2023, which the SAs
> hate (not to mention the Security Office). Another is to restore from
> backup and upgrade along with other database upgrades and take a new frozen
> backup, which we aren’t keen on doing 28 times.
>
>
>
> Does anyone have any other ideas on how to save these backups and
> guarantee that they are usable through Aug. 31, 2023? I’d appreciate any
> thoughts.
>
>
>
> Thank you,
>

-- 
http://about.me/jeremy_schneider

--
http://www.freelists.org/webpage/oracle-l

Received on Wed May 03 2017 - 13:31:55 CEST

This message: [ Message body ]
Next message: Niall Litchfield: "Re: Database Retention Question... on Amazon RDS"
Previous message: Bill Ndolo: "Re: Buffer Gets question"
In reply to Dimensional DBA: "RE: Database Retention Question"
Next in thread: Niall Litchfield: "Re: Database Retention Question... on Amazon RDS"
Reply: Niall Litchfield: "Re: Database Retention Question... on Amazon RDS"
Reply: Thomas Roach: "Re: Database Retention Question... on Amazon RDS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message