WORM Storage and Retention for Cloud Storage

You can enable Write Once Read Many (WORM) storage and retention for the following cloud vendors:

WORM storage prevents the accidental deletion of data that has not yet met its retention criteria.

Key Considerations

Caution

Enabling WORM storage lock and compliance lock applies to all associated backup destinations.
This action is irreversible, and you cannot reduce the retention period once enabled.

Enabling WORM storage automatically enables compliance lock, which prevents changes to retention settings.
Once enabled, WORM storage cannot be disabled, and the data remains immutable for the duration of the retention period.
For Amazon S3 and Azure Storage, enabling WORM storage increases the storage footprint to more than 2x the protected front-end data size, due to object lock overhead and deduplication handling. For this reason, WORM is better suited for secondary or tertiary copies than for primary data.
If you add a custom backup plan with WORM storage, the backup plan inherits its retention settings from the storage pool.

Lock Type	Scope	Description	Notes
WORM Storage Lock	Cloud Storage Level	Protects data at the cloud storage level for both deduplicated and non-deduplicated data.	Air Gap Protect is not supported.
Compliance Lock	Software Level	Prevents destructive tasks such as deleting backups, storage, apps, servers, or reducing retention. Applies to all backup destination copies.	Cloud app workloads that use bundled Commvault Cloud are not supported.

Commvault Cloud supports Bucket Lock on Oracle Cloud Infrastructure (OCI).

OCI does not support object lock, but bucket-level retention is available through Bucket Lock.
When you enable WORM storage lock from the Metallic console on an OCI storage, Commvault Cloud automatically configures the corresponding bucket settings:
- A retention lock policy is applied to the OCI bucket.
- The retention period (in days) matches the WORM lock duration set in Commvault Cloud.

Complete the following tasks on your storage platform:

Platform	Tasks
Amazon S3	Create an Amazon S3 bucket with Object Lock enabled and default retention disabled. Verify that the PutObjectRetention permission is assigned to the bucket, along with other required permissions. To download the Commvault-provided IAM policy, see Permission Requirements for AWS Resource Protection.
Azure Storage	Create a storage account and a container with version-level immutability enabled. Verify that the Storage Blob Owner role is assigned in Azure.

From the Command Center navigation pane, go to Storage > Cloud.
The Cloud page appears.
Click the cloud storage.
The Cloud Storage page appears.

Move the WORM storage lock toggle to the right.
The Retention rules page appears.
In Retention period, specify how long to retain backups, and then click OK.
The Do you want to enable WORM storage lock? dialog box appears.
Confirm your agreement by selecting the options, typing Confirm, and then clicking CONFIRM.

Note

Both WORM storage lock and compliance lock will be enabled on all associated backup destinations. This action is irreversible, and you cannot reduce the retention.
If you enabled WORM storage lock unintentionally, create a new storage pool with a new container or bucket.

Move the Compliance lock toggle to the right.
The Do you want to enable Compliance lock? dialog box appears.
Confirm your agreement and click YES.

Note

Compliance lock is applied to all associated backup destinations. This action is irreversible, and you cannot reduce the retention.