Secure Archive Manager

Scaling to meet data growth and adhering to compliance requirements are fundamental challenges facing organizations. 

Scaling to meet data growth, adhering to compliance requirements and how to enable cloud first initiatives are key challenges facing organizations. With the increase in regulatory and compliance requirements, data management has expanded beyond the domain of IT and storage administrators and risen to the c-level management team. Policies for data retention, legal hold and data disposition along with extended life cycles have increased the complexity of managing and protecting ever increasing amounts of data. This coupled with the c-suite demanding more flexibility and efficiencies from the IT organization are raising questions regarding the traditional silo approach for managing archive data.

With most regulated data trapped in hierarchal file systems transitioning data to private or public cloud is a complex challenge. First, the users and applications need to be able to access the data at its new location. Second, retention requirements mandate that the original time stamps and meta data be preserved along with the data. Private and public clouds may offer retention or immutability options but their design only accommodates new or green field data. They were not designed to accept and maintain the original meta data.

Secure Archive Manager (SAM) is a software application that enables flexible and compliant data management over the life cycle of the data. SAM enables CCO/CIO to meet compliance requirements for WORM, retention, legal hold, and data disposition. SAM also helps the IT organization deliver a more secure, flexible and efficient approach to long term archiving needs using traditional storage, cloud storage and object storage. SAM is designed to preserve file meta data for the duration of the retention period, independent of the storage technology used. Competitive approaches lock the customer into an expensive and proprietary hardware centric infrastructure. The software architecture of SAM makes it easy to protect data today and also move it forward to new technologies in the future.

Secure Archive Manager presents the classical CIFS share or NFS export to users and applications. Then SAM effectively unbundles the access to the content from the storage of the content. SAM leverages virtual file systems to accomplish this task. The virtual file systems are not integrated with the host operating system. Hence things like stubs, links, DFS or junction points are not used and thus OS limitations (e.g. file count or size of file system) are not imposed. Users and applications will continue to view the tree/path file system structure they are expecting. However, now the content can be stored where it best suits the needs of the organization. This means that the front end access protocol can be different from the back end storage protocol, with SAM handling the translation. The separation of “access” from “storage” is what enables storage administrators to control the storage location or locations without impacting user access. Content can be moved from one storage location to new more scalable storage system (e.g. local disk to NAS) or to a completely different storage type (e.g. NFS file to S3 object) to lower cost without any updates to client/application access.

Secure Archive Manager is a software application that manages data and provides long term and compliant archiving functionality with maximum flexibility and security. Archives are created in SAM and shared out to users and applications. SAM opens up the possibilities for IT to create the best archiving environment for their needs. For instance an archive can be created providing a CIFS share to users and then translate the files into objects for storage on Amazon S3. SAM uses the Windows ACLS to control access and also stores them when writing the content to the S3 cloud. This way if SAM has to be recovered from the cloud repository all the time stamps, meta data and permissions will be the same as the original files.

Archiving Features

  • Native CIFS shares
  • Native NFSv3 and NFSv4 exports
  • AES 256-bit Encryption
  • De-duplication
  • Compression
  • Replication
  • Synchronization
  • Chunking for large files
  • Local storage and NAS
  • S3 access and S3 cloud storage
  • Object storage
  • Supports billions of files

For customers in regulated industries SAM also delivers features to help meet governance and compliance requirements.

Compliance Features

  • WORM
  • Retention
  • Legal Hold
  • Data Disposition
  • Meta data search
  • User Auditing
  • Read / Write verification using hashes
  • SHA-256 hashing
  • Encryption at rest and in transit
  • Role based access
  • Multiple copies
  • Unique Encryption key per file

Due to our long history of working with ECMs and providing storage migrations for them SAM has been designed to accommodate some of their unique requirements. Some ECMs require work space folders that cannot be put under retention as the content is not yet a legal record. Other systems allow organizations to have many directories each with different retention rates. Other have integrated workflow where stamps are for approval or rejection and these annotations can be under retention until the workflow for the document is complete and a legal record is created. In these cases SAM can use filters on file types to enable or exclude content from retention.


SAM was designed to provide users unprecedented availability to their data without intervention from IT. To accomplish this SAM uses a policy engine to make multiple copies of data and place it on designated storage systems or cloud options. SAM will package the data and metadata to meet the unique requirements of the target storage and maintain all of the original file permission, metadata and retention. For instance the first copy could be on a SAN, the second copy could be on a private cloud that is replicated across sites and the third copy could be on a public cloud. If the SAN were taken offline for maintenance the SAM system would accommodate user reads from the second copy which is the private cloud. If this system was also not available then SAM would recall the content from the public cloud. SAM also recognizes that private and public clouds are often replicated to a DR system or second availability zone. For these instances SAM can be configured to automatically read from the DR system in the case where the primary storage system is not available. The process for write operations is similar and designed to keep things running smoothly and then catch up the offline device once it resumes operations.

SAM can run as a single instance, Active-Passive fail-over configuration or in a clustered configuration. To learn more about SAM features/benefits, configuration or deployment requirements please contact our Sales.