Sunday, January 5, 2020

Compliant WORM Storage Using NetApp SnapLock


SNAPLOCK:

Many businesses rely on some form of write once, read many (WORM) data storage to meet regulatory compliance or simply to add another layer of data protection to their critical files (or data).

To address issues faced by growing business requirements for WORM data storage and to alleviate issues inherent with traditional WORM storage solutions, NetApp introduced SnapLock software. SnapLock allows companies to benefit from the data permanence functionality of traditional WORM storage using existing easy-to-manage NetApp disk storage technologies.

SnapLock is the NetApp high-performance compliance solution that provides the capability of data retention and WORM protection for retained data. With SnapLock, customers can create nonmodifiable, nonerasable volumes to prevent files from being altered or deleted until a specified retention date. SnapLock allows this retention to be performed at the file level through standard open file protocols such as CIFS and NFS. SnapLock is a license-based feature of ONTAP that works with application software to administer nonrewritable storage of data.

There are two types of SnapLock:
·        SnapLock Compliance (SLC)
·        SnapLock Enterprise (SLE)

In a data compliance environment, you cannot rely on a system clock because it can be arbitrarily modified by the administrator, thereby compromising the retention period of WORM files and Snapshot™ copies. Therefore, SnapLock relies on the ComplianceClock service in ONTAP, which is a software-based tamper-resistant clock. The ComplianceClock can be initialized only once by the administrator on every node, after which it operates based on hardware ticks.

There are two types of ComplianceClock:

·        Volume ComplianceClock (VCC)
·        System ComplianceClock (SCC)
 


Each SnapLock volume maintains the following on-disk metadata for the VCC:
·        VCC time: 64-bit VCC time stamp
·        SCC time: 64-bit SCC time stamp (SCC time at last update)
·        Node ID: unique identifier for the node (used for SCC-VCC association)
·        SCC ID: unique identifier for the SCC (used for SCC-VCC association)

SnapLock is an aggregate-level property. To set up WORM storage, the administrator specifies the -snaplock-type option when creating the aggregate.
SnapLock provides retention granularity at the individual file level. There are two methods to commit a file to WORM on a SnapLock volume.

·        Manual Commit
·        Autocommit

Regardless of how files are committed to an immutable state on a SnapLock volume, it is important to understand the retention period settings. Every record committed to the WORM state on a SnapLock volume can have an individual retention period associated with it. ONTAP enforces retention of these records until the retention period ends. After the retention period is over, the records can be deleted but not modified. Each SnapLock volume has options that are set to control the minimum, maximum, and default retention periods. These values are minimum-retention-period, maximum-retention-period, and default-retention-period, respectively.

SnapLock Volume Append Mode (VAM)
When a user commits a file in a SnapLock volume to WORM, the file cannot be deleted until the file retention time has expired. At no point in time can the file contents be modified before or even after expiration. A file's retention time can only be extended, not shortened. For logging purposes, a user might want to append to this WORM file.

Legal Hold
ONTAP 9.3 introduces the legal hold feature, by which files, folders, a volume, or a list of volumes can be held in a tamper-proof state for an indefinite time period for litigation purposes. This hold prevents deletion of the specified objects until the legal hold is removed. A legal hold can be released at any time. If a previous hold of any sort or the original retention period has not expired when the legal hold is removed, the original retention period or previous hold remains in effect. A legal hold is allowed only on SnapLock Compliance volumes. Up to 255 legal holds per file and 65,535 litigations per volume can be applied.


Check the NetApp snaplock license.




Initialize the compliance clock for all the nodes.


Then create an aggregate with the option -snaplock-type.



Check the aggregate snaplock type.


Create volume in the compliance enabled aggregate.



List the volume snaplock information.



Once the volume is exported or shared via NFS or CIFS, create a file and change its access permission to read-only.

Then use the following commands to check that the file type has changed to WORM.







If you want to set autocommit for files, use the following command to set the autocommit time period for files in the compliance volumes.
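
The manual commit step above, as an added shell example that is not from the original post or from NetApp: SnapLock takes a file's retention time from its last-access time at the moment the write bits are removed (standard SnapLock behaviour, not stated on this page), so the client sets atime first and then makes the file read-only. It assumes GNU coreutils on the NFS client; `worm_commit` and the sample path are hypothetical names.

```shell
#!/bin/sh
# Added example (not NetApp code): manual WORM commit from an NFS client.
# Assumes GNU coreutils (touch -d @EPOCH, stat -c); worm_commit is a
# hypothetical helper name.
#
# usage: worm_commit FILE RETAIN_UNTIL_EPOCH
# Prints the atime reported for the file after the commit request.
worm_commit() {
    file=$1
    retain_until=$2

    [ -f "$file" ] || { echo "worm_commit: not a regular file: $file" >&2; return 2; }
    case $retain_until in
        ''|*[!0-9]*) echo "worm_commit: retention time must be epoch seconds" >&2; return 2 ;;
    esac
    # A retention time that is already past is almost certainly an operator error.
    [ "$retain_until" -gt "$(date +%s)" ] || {
        echo "worm_commit: retention time is not in the future" >&2; return 3; }

    # Order matters: set atime first, then drop every write bit. The
    # writable -> read-only transition is the commit; after it the
    # retention time can only be extended, not shortened.
    touch -a -d "@$retain_until" "$file" || return 4
    chmod a-w "$file" || return 4

    # Check the result from the client side instead of trusting exit codes.
    mode=$(stat -c %a "$file")
    if [ $(( 0$mode & 0222 )) -ne 0 ]; then
        echo "worm_commit: write bits still set (mode $mode)" >&2; return 5
    fi
    # Compare this with the requested time: the volume's minimum and maximum
    # retention periods bound what is actually applied.
    stat -c %X "$file"
}

# Example call on a constructed path (only runs when two arguments are given):
#   sh worm_commit.sh /mnt/slc_vol/audit-2020-01.log "$(date -d '+7 years' +%s)"
if [ "$#" -eq 2 ]; then
    worm_commit "$1" "$2"
fi
```

On a volume that is not SnapLock this only produces a read-only file with a future atime; the WORM enforcement itself comes from ONTAP.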




