Home > Storage > PowerMax and VMAX > Mainframe > Dell PowerMax and DLm: Cyber Security for Mainframe Storage > DLm cyber protection vault
DLm cyber protection vault implementation requires the physical vault itself and the process to preserve data at the vault. The physical vault consists of at least one DLm2500 that has connectivity to a PowerProtect DD and a Cyber Recovery Server. The customer must have a DLm with PowerProtect DD on their production environment.
At least two physical connections exist between the production DLm and PowerProtect DD and the vault environment. The connections could be:
Dell can assist with air-gapping the connectivity between the PowerProtect DD in the production environment and the PowerProtect DD in the vault environment. Customers must work with their mainframe network team if they want to establish an air gap for the FICON connection (IBM zSystems on the production site) to the DLm2500 in the vault.
Dell PowerProtect Cyber Recovery Server can be used to provide automation and orchestration for daily vault operations, recovery testing and validation, and recovery of data from the vault environment to production. Each day, PowerProtect Cyber Recovery Server will perform these policy-based actions:
Note: The immutable retention locked FastCopy snapshots are similar to mainframe Generation Data Groups (GDG) and managed in a similar fashion once the number of specified copies is established.
Setting up the physical environment in this way enables data to be selectively pushed to the vault site after verification that the data needs to be stored there. While building the infrastructure for a DLm physical vault, work with your Dell Account Team to create a comprehensive process for backing up the data on the production site, replicating the data, copying the data within the vault, and locking the data to avoid malicious corruption or manipulation of the data. This process will provide the means to:
Note: Because there is not an IBM zSystem server in the vault, you would need to consider using another site’s IBM zSystem server for testing with z/OS.