WORM Storage and Retention for Cloud Storage

You can enable Write Once Read Many (WORM) storage and retention for the following cloud vendors:

  • Amazon S3
  • Microsoft Azure Storage
  • Oracle Cloud Infrastructure (OCI)

WORM storage prevents the accidental deletion of data that has not yet met its retention criteria.

Key Considerations

Caution

  • Enabling WORM storage lock and compliance lock applies to all associated backup destinations.
  • This action is irreversible, and you cannot reduce the retention period once enabled.
  • Enabling WORM storage automatically enables compliance lock, which prevents changes to retention settings.
  • Once enabled, WORM storage cannot be disabled, and the data remains immutable for the duration of the retention period.
  • For Amazon S3 and Azure Storage, enabling WORM storage increases the storage footprint to more than 2x the protected front-end data size, due to object lock overhead and deduplication handling. For this reason, WORM is better suited for secondary or tertiary copies than for primary data.
  • If you add a custom backup plan with WORM storage, the backup plan inherits its retention settings from the storage pool.

Types of Locks

Lock Type Scope Description Notes
WORM Storage Lock Cloud Storage Level Protects data at the cloud storage level for both deduplicated and non-deduplicated data. Air Gap Protect is not supported.
Compliance Lock Software Level Prevents destructive tasks such as deleting backups, storage, apps, servers, or reducing retention. Applies to all backup destination copies. Cloud app workloads that use bundled Commvault Cloud are not supported.

Support for OCI

Commvault Cloud supports Bucket Lock on Oracle Cloud Infrastructure (OCI).

  • OCI does not support object lock, but bucket-level retention is available through Bucket Lock.
  • When you enable WORM storage lock from the Metallic console on an OCI storage, Commvault Cloud automatically configures the corresponding bucket settings:
    • A retention lock policy is applied to the OCI bucket.
    • The retention period (in days) matches the WORM lock duration set in Commvault Cloud.

Before You Begin

Complete the following tasks on your storage platform:

Platform

Tasks

Amazon S3

  • Create an Amazon S3 bucket with Object Lock enabled and default retention disabled.
  • Verify that the PutObjectRetention permission is assigned to the bucket, along with other required permissions.
  • To download the Commvault-provided IAM policy, see Permission Requirements for AWS Resource Protection.

Azure Storage

  • Create a storage account and a container with version-level immutability enabled.
  • Verify that the Storage Blob Owner role is assigned in Azure.

Procedure

  1. From the Command Center navigation pane, go to Storage > Cloud.
    The Cloud page appears.

  2. Click the cloud storage.
    The Cloud Storage page appears.

Enable WORM Storage Lock

  1. Move the WORM storage lock toggle to the right.
    The Retention rules page appears.

  2. In Retention period, specify how long to retain backups, and then click OK.
    The Do you want to enable WORM storage lock? dialog box appears.

  3. Confirm your agreement by selecting the options, typing Confirm, and then clicking CONFIRM.

Note

  • Both WORM storage lock and compliance lock will be enabled on all associated backup destinations. This action is irreversible, and you cannot reduce the retention.
  • If you enabled WORM storage lock unintentionally, create a new storage pool with a new container or bucket.

Enable Compliance Lock Only

  1. Move the Compliance lock toggle to the right.
    The Do you want to enable Compliance lock? dialog box appears.

  2. Confirm your agreement and click YES.

Note

Compliance lock is applied to all associated backup destinations. This action is irreversible, and you cannot reduce the retention.

×

Loading...