PCI compliance prompts credit firm to move Windows data archiving to KOM Networks KOMpliance
Published – January 22, 2010 | SearchStorage.com
Beth Pariseau, Senior News Writer
A firm that struggled with a Linux-based data archiving product from its primary storage vendor has found relief with KOMpliance, a Windows-based appliance from KOM Networks.
Experian Information Solutions Inc., which runs consumer credit rating website FreeCreditReport.com, is working with sensitive personal financial information and must abide by the Payment Card Industry (PCI) data security standard. Part of PCI compliance includes creating a separate and tamper-proof data archive of log files from the company's busy SQL databases, and the company went through a lengthy process to deploy the right product for the job.
Vice president of information security Gary Everekyan said Experian went with the Hitachi Data Systems (HDS) Content Archive Platform (HCAP) because HDS was already the company's primary storage vendor. HDS was also listed as a leader by market research firm Gartner Inc., which gave management confidence in HCAP, Everekyan said.
However, Everekyan said the first problem when the 13 TB HCAP system was deployed approximately two years ago was integrating the Linux-based system with Active Directory with the kind of granularity he needed to segregate administrators of the system from being able to see audit logs.
Everekyan said HDS engineers put in many hours over the months that followed the initial deployment to get the access control functions working the way Experian needed, but other problems cropped up in the meantime. The database log files were numerous and relatively small, putting strain on a system mainly marketed for archiving larger contiguous unstructured content
"Many small files resulted in challenging navigation times, [which] got problematic as the files increased," Everekyan said. Nodes of the system began to crash. When variable partitions filled up, an HDS technician had to write scripts to resolve the issue, according to Everekyan. "We upgraded the system twice, but eventually decided to look somewhere else," he said. The last version of HCAP Experian used was Version 2.6.
HDS representatives did not respond to SearchStorage.com's requests for comment about Experian's situation as of press time. Since Everekyan's experience, HDS has replaced HCAP with a product called the Hitachi Content Platform, which is positioned for cloud storage applications.
Everekyan said he'd already looked at KOM Networks' Windows Storage Server-based KOMpliance while evaluating data archives. When he decided to replace HCAP with something else, he went back to KOM.
KOMpliance archives data from large databases
Experian deployed KOMpliance approximately a year ago as an appliance that also holds 13 TB, priced at about half the cost of HCAP, Everekyan said. It has integrated better into his Windows environment, partly because of the Windows Storage Server software and native integration into Active Directory but also because KOM's IP at the kernel layer in the appliance is optimized for different kinds of I/O. Kamel Shaath, chief technology officer (CTO) at KOM Networks, said the vendor has deployments to archive data from large ERP and CRM databases as well as file-based applications.
While things have gone more smoothly with the KOMpliance, integrating this second data archive into the environment hasn't been without its own complexities, Experian's Everekyan said. For instance, he is working with KOM Networks engineers to figure out a way to share the appliance between two separate Active Directory forests. This isn't normally done, but Everekyan said a shared system would cost less.
"If we can't do it, we could just get a second box," he said. But Experian is looking to avoid capital outlay for a second KOM system, and the reason for getting a prepackaged, automated archiving product was "so we don't have to hire another person to do log monitoring."
Everekyan said he'd also like to see KOM add more granular search capabilities for his database logs. "You can search directories and subdirectories, but it doesn't have visibility inside the logs," he said.