Every organisation accumulates data it must keep but rarely touches: records held for years to meet regulation, finished projects, logs and evidence that may be needed once but must survive until then. Storing that on primary storage is expensive and wasteful, and deleting it is not an option. A cold archive tier solves this: the cheapest durable storage you can build, optimised for retention and integrity rather than speed, often with write-once protection so retained data cannot be altered or erased. This is how to design a low-cost on-prem archive and compliance-retention tier for UK organisations, balancing cost per terabyte against durability and the rules you must satisfy.
Archive is optimised for cost and durability, not speed
A cold archive tier inverts the usual storage priorities. Performance barely matters because the data is read rarely, if ever, so the design optimises for the lowest cost per terabyte and for durability over long periods. Capacity is everything, latency is almost irrelevant, and the goal is to hold large volumes safely for years at a price that makes keeping the data viable rather than painful.
That changes every hardware choice. You favour the densest, cheapest durable media, a layout that protects against the failures a long-lived archive will inevitably see, and a chassis that packs in capacity rather than throughput. The archive sits behind the primary tiers as the place data lands when it is no longer active but must be retained, and it is sized for the retention obligation, not for daily use.
Choosing the media: HDD, QLC or tape
Archive media is a cost-per-terabyte decision. High-capacity hard drives remain the workhorse of on-prem archive: cheap per terabyte, dense, and durable enough when laid out for resilience. QLC flash brings lower power and instant access at a higher capital cost, attractive where the archive is occasionally queried and power and density matter. Tape remains the cheapest per terabyte for true cold data and offers excellent offline durability, at the cost of access latency and a library to manage.
Most real archives blend these by access pattern: high-capacity drives for data that might be retrieved, tape for the deepest, coldest, longest-retention material, and QLC where occasional fast access justifies its premium. The right mix depends on how cold the data really is and how often it might be recalled. We size the media blend to the retention profile, choosing high-capacity drives and QLC from our SSD and NVMe range, and build dense archive on the HPE Apollo platform.
- •High-capacity HDD: cheapest dense online archive, durable when laid out for resilience
- •QLC flash: lower power and instant access at a higher capital cost, for occasionally-queried archives
- •Tape: cheapest per TB and excellent offline durability for the coldest, longest-retention data
- •Most archives blend media by how cold the data is and how often it might be recalled
WORM and immutability for compliance
Compliance retention adds a requirement beyond cheap storage: the data often must be tamper-proof. WORM, write-once-read-many, and object immutability such as object-lock retention ensure that once written, retained data cannot be altered or deleted until its retention period expires, which is exactly what regulations demanding unalterable records require, and what protects an archive from ransomware that would otherwise encrypt or destroy it.
On-prem you achieve this with object storage that supports object-lock retention, or with WORM-capable filesystems and appliances, configuring a retention period that the system enforces regardless of administrator action. These are the same immutability principles behind hardened backup repositories, applied to long-term retention rather than recent backups, and we cover the broader patterns in immutable backup architectures. Build the retention enforcement in from the start, because retrofitting immutability onto a mutable archive is far harder than designing for it.
Integrity over years and the dual-copy rule
A long-lived archive faces a quieter threat than failure: silent corruption, where bits decay or are mis-written and the damage is not noticed until the data is finally needed. So an archive needs integrity verification, checksums or scrubbing that periodically confirms the stored data still matches what was written, and a redundancy scheme that can repair what it finds, because data you discover is corrupt at the moment you need it is worse than no archive at all.
Redundancy within one system is not enough for irreplaceable retained data, either: a single site or system failure should not take the only copy. A second copy, ideally offsite or offline, is the difference between an archive and a single point of failure, and tape or a replicated second tier serves that role well. Design integrity checking and a second copy into the archive from the outset, sized to the value and irreplaceability of what it holds.
Putting an archive tier together
For most UK archive and compliance-retention needs this lands on a storage-dense chassis filled with high-capacity drives in a resilient, second-failure-tolerant layout, with object-lock or WORM retention enforcing immutability where compliance requires it, integrity scrubbing running in the background, and a second offsite or offline copy for irreplaceable data. The capacity follows the retention obligation; the media blend and immutability follow how cold the data is and what the rules demand.
We design these low-cost, durable, compliance-aware archive tiers, sizing the media blend, the redundancy and the retention enforcement to the obligation, in our server configuration service, building dense capacity out on platforms from the HPE Apollo range. The result is somewhere you can keep what you must keep, for as long as you must keep it, at a cost that does not punish you for retaining it.