I came across an interesting tidbit from the NetApp camp today.
It seems their version of compliant archival storage, isn't, well... compliant.
A brief background: archival storage frequently is used to store data (email most prominently) that a regulatory body has determined that a company must keep. Mostly so massive evidence shredding a la Enron doesn't happen again.
You need special storage to meet these requirements (from the SEC, Sarbanes-Oxley, and so on, as well as their respective counterparts in Europe and Asia). Normal file storage doesn't cut it.
EMC has met this need for nearly a decade with Centera. (In fact, there are 3 versions of Centera desinged to meet different compliances objectives.) NetApp has "Compliant SnapLock" and you can find similar umm, hacks, from other vendors.
And I call them hacks for a reason: EMC believes that compliant archival storage should, amongst other things, not have a file system that is exposed to the user. There are a bunch of characteristics I want to see for compliant archival storage, but that is one of the big ones. I am open to correction on this, but I think Centera is the only platform that actually does this.
Now, all this has come to bite NetApp in the proverbial posterior: "...versions of Data ONTAP® prior to 7.2.5 with SLC have been found to have vulnerabilities that could be exploited to circumvent the WORM retention capability." They go on to say: "NetApp cannot stand by the SnapLock user agreement unless the upgrade is performed."
Now this is a really big deal. This is not a trivial little upgrade to OnTAP. This is a big one. There is a reason why thousands of NetApp customers haven't made the lead yet: it is risky and and it hard.
In the words of NetApp themselves: "This upgrade is a one-way procedure."
So, anybody running a version of OnTAP older than 7.2.5 isn't compliant.
I hope you don't have any visits from the auditors scheduled in the next couple of months...
Or maybe it is time to explore an alternative?