You can configure WORM storage lock in Commvault by using the following procedure.
Before You Begin
Before configuring WORM storage lock, make sure to perform the following:
Create or configure the following in cloud storage:
Notes
For information on permissions to configure cloud storages, see Creating a Cloud Storage Library.
Vendor |
Before You Begin Tasks |
---|---|
Amazon S3 |
Note Disable default retention when object lock is enabled.
|
S3 Compatible |
|
Google Cloud Storage |
Create a bucket in Google Cloud Storage. |
Microsoft Azure Storage |
|
Configure the bucket/container in Commvault software as follows:
1. Configure a cloud storage pool using the cloud bucket/container.
2. Configure a storage policy with the configured cloud storage pool.
-
We recommend not to use extended retention on WORM-enabled storage pools.
Note
For a bucket with versioning enabled, you must have the DeleteObjectVersion permission to delete versioned objects.
Procedure
-
From the CommCell Browser, navigate to Storage Resources > Storage Pools.
-
Right-click the required <Storage Pool>, and then click Properties > Storage Pool Copy.
The Storage Policy Copy Properties dialog box appears.
-
Select the box for WORM storage lock to enable it.
Note
-
This action also enables compliance lock on all associated backup destinations.
-
This action is irreversible and you cannot lower the retention on WORM storage lock enabled copy.
-
If you enabled WORM storage lock unintentionally, we recommend you to create a new storage pool with a new storage pointing to a new container or bucket.
-
-
To define retention period (for a deduplication enabled storage pool), enter the number of days to retain the data in the Retain for [] Days box.
Note
Retention on storage pool is applicable only when storage WORM property is set.
By default, the Create new DDB every [] days option is selected for deduplication enabled storage pools which denotes the DDB seal frequency. The DDB seal frequency is set to the same number as of retention days in the associated storage pool, with a minimum of 7 days and maximum of 365 days.
-
For a non-deduplication enabled storage pool, retention is defined from dependant storage policy copies or plan copies.
-
WORM Lock: Displays the number of days for the WORM lock. It is the sum of the retention of the storage policy pool copy and the DDB seal frequency.
-
-
Click OK.
-
Enter the confirmation text string, and then click OK.
The following settings are enabled in Commvault:
-
The WORM storage lock and compliance lock on the selected storage pool, and compliance lock on all the dependant copies of the selected storage pool.
-
For deduplication enabled storage pools, the seal frequency of the deduplication database (DDB) is enabled.
-
DDB is set to seal after n days, where n is set to the same number of days as retention set in the storage pool with a minimum of 7 days and a maximum of 365 days.
For example:
- For a retention lower or equal to 7 days, the DDB seal frequency is set to 7 days.
- If the retention is set for 60 days in the storage pool, the seal frequency for the DDB is also set to 60 days.
- For retention higher than 365 days, the DDB seal frequency is set to 365 days.
-
Commvault uses WORM lock days which is defined as the sum of storage pool retention in days and DDB sealing frequency.
-
For non-deduplication storage pools, WORM lock days is same as of storage pool retention.
For example, if retention is set for 60 days of the storage pool, then WORM lock days for objects at the bucket/container is also set to 60 days.
-
-
Micro pruning is disabled for the cloud storage that has WORM enabled. For cloud storage with WORM, you must use macro pruning. Data that have met retention will be identified and made irrecoverable as part of the daily data aging operations.
-
Applying of WORM settings on objects:
-
Object Lock:
- Each object will be locked as per the Commvault WORM lock days computed during the write operation to the storage and will be locked till that day.
-
Bucket Lock:
- Commvault will write data and objects will be locked as per the retention days set on the bucket/container on cloud vendor side.
-
-
When Commvault deletes a file, data aging will clean up all versions including delete markers.
- The delete marker acts as a placeholder indicating that the object that was there once, has been deleted. The primary purpose of the delete markers is to simplify the management and versioning of objects.
- For some S3 compatible storage vendors, you may need to create a life cycle rule to cleanup delete marker.
Notes
Associating DDB backups and index backups to WORM copies is not recommended.