Commvault offers two types of WORM functionality: Storage lock and Compliance lock.
Storage Lock
You can use the Storage lock option for both deduplicated and non-deduplicated data in disk libraries. Storage lock provides data security at the physical (hardware) level.
Notes
-
Do not enable Storage lock at the backend systems or applications, other than those specified in Configuring WORM Storage Lock.
-
If you enable the Storage lock, the Compliance lock is automatically enabled. Also, you can enable only the Compliance lock.
Compliance Lock
Compliance lock is a security control that provides protection from destructive tasks such as deleting backups, storage, apps, servers, and backup destination copies, and reducing retention for disk storage vendors within the CommCell Console interface. You can enable the Compliance lock at the storage level, and all associated backup destination copies will be locked and protected.
Compliance lock provides data security only at the software level (within the Commvault user interface) by protecting data against rogue users that use compromised credentials.
The combination of Storage lock and Compliance lock features results in immutable backups that neither the storage administrator nor the Commvault administrator can delete.