Right now, we are asking the question is SnapVault enough?
We started using NetApp (block) storage for our file store service in August 2011. Our infrastructure is comprised of 3 x FAS3210 HA pairs; these act as a primary site, secondary site which is updated by SnapMirror hourly and a third site which is updated by SnapVault overnight. We keep 4 x hourly snapshots on the primary and 90 x daily snapshots on the primary.
SnapVault introduced a radical shift in how we protected our data. Previously a more traditional approach was taken whereby the clients were backed up directly to tape on a variety of schedules. As we were unfamiliar with SnapVault at the time and wanted to build confidence in it, the decision was taken to supplement SnapVault with ad hoc backups of the file system to tape using FlexClones.
The initial intention was for these ad hoc backups be a temporary measure which would be stopped when we had confidence in SnapVault. Even though we haven't had any issues with SnapVault we are still running the supplementary backups and there is some reticence to stop them.
The reason behind this stems from the fear of corruption and a bad (non-NetApp) experience in the past. I am struggling to envisage a reasonable scenario where snapshots wouldn't protect us from this; what I end up with is a convoluted scenario where there is some issue with WAFL which leads to corruption being replicated to the secondary site and then we have a triple disk failure on the SnapVault array; highly unlikely I know. I appreciate that this is largely a matter of trusting the technology and then defining a suitable level of protection against identified risks.
What I would like is to get an idea of what others do, use tape with SnapVault? how is this achieved? Hopefully this will help us justify either the decision to stop tape backups or provide a case to implement a more suitable and sustainable tape backup mechanism.
I'd welcome your thoughts and experiences on the subject.