NetApp SnapLock Configuration
Introduction:
SnapLock is an alternative to the traditional optical "write once, read many" (WORM) data. SnapLock is used for the storage of read-only WORM data.
SnapLock is a license-based, disk-based, open-protocol feature that works with application software to administer non-rewritable storage of data. The primary objective of this Data ONTAP feature is to provide storage-enforced WORM and retention functionality by using open file protocols such as CIFS and NFS. SnapLock can be deployed for protecting data in strict regulatory environments in such a way that even the storage administrator is considered an untrusted party.
SnapLock provides special purpose volumes in which files can be stored and committed to a non-erasable, non-rewritable state either forever or for a designated retention period. SnapLock allows this retention to be performed at the granularity of individual files through standard open file protocols such as CIFS and NFS.
NetApp SnapLock compliance software helps you meet strict data retention regulations and internal IT governance rules.
SnapLock is available in tow version: SnapLock compliance for strict regulatory environment, and SnapLock Enterprise, for more flexible environments.
SnapLock can integrates with the snap Mirror and snap vault, and snap mirror allows the SnapLock volumes to be replicated to another storage system and Lock vault backs up SnapLock volumes to a secondary storage system to ensure that if the original data is destroyed than the data can be restored or accessed from another location.
Once the data is created in the SnapLock volume they comes under the retention period and these files get treated as WORM, so that nobody can delete or modify the data until and unless it reach to its retention period, the SnapLock volumes cannot be deleted by the user, administrator nor by the application, the retention date on a WORM file is set when the file is committed to WORM state, but it can be extended at any time. The retention period can never be shortened for any WORM file.
SnapLock Compliance
SnapLock Compliance is used in strictly regulated environment, where data is retained for longer period of time and these data are accessed frequently only for readable purpose.
SnapLock Compliance even does not allow the storage administrator’s to perform any operations that might modify the file, it uses the feature called “ComplianceClock” to enforce the retention periods. SnapLock Compliance requires the SnapLock license to enable the SnapLock features and to restrict the administration access to the file.
SnapLock Enterprise
SnapLock Enterprise allows the administrator to destroy the SnapLock volume before all the file on the volume reach their expiration date. However no one else can delete or modify the files.
It requires the SnapLock _enterprise license
Configuration Steps:
1. Check the licenses or else add the snaplock licenses.
2. Check and initialize the snaplock time.
Manages ComplianceClock of nodes
The snaplock
compliance-clock manages the ComplianceClock of the
system. ComplianceClock determines the expiry time of the SnapLock objects in
the system. ComplianceClock can be initialized only once by the user and once
it is set, it cannot be changed or altered by the user. There are two types of
ComplianceClocks in the system:
- System ComplianceClock
- Volume ComplianceClock
System ComplianceClock (SCC) is maintained per node. SCC is
used to update the Volume ComplianceClock and to provide a base value for
Volume ComplianceClock for new SnapLock volumes. The SCC is initialized once by
the user and takes the initial base value from the system clock. snaplock
compliance-clock show can be used to check the value
of the System ComplianceClock.
Volume ComplianceClock (VCC) is maintained per volume and is
used as the time reference to calculate the expiry time of SnapLock objects in
the SnapLock volume, such as files and the expiry date of the volume. volume
snaplock show can be used to check the value of
the Volume ComplianceClock.
3. Initialize the snaplock time stamp to the node.
4. Now create an aggregate with snaplock type is Enterprise or Compliance.
5. Now create a volume using an aggregate.
6. Modify the retention period as per your requirement either using CLI or GUI.