Immutability in vStor
Note. This feature is available for vStor 4.11 and higher.
Immutability in vStor provides a robust mechanism to protect data at both the snapshot and volume levels, ensuring data integrity by preventing unauthorized or accidental modifications and deletions. This feature allows administrators to set holds on snapshots and enable protection on volumes, safeguarding critical data against ransomware attacks and other security threats.
By utilizing immutability controls, you can enhance your security, ensuring compliance and facilitating reliable data recovery.
Requirements
Before activating deletion protection features, it is mandatory to enable multifactor authentication (MFA) for an added layer of security.
Attention! Without MFA enabled on your vStor account, all deletion protection controls will be disabled.
Types of Deletion Locks
The system allows users to select between two types of locks: Flexible Protection and Fixed Protection, catering to different security and flexibility needs.
Flexible Protection
This lock type allows adjustments or removal using MFA, providing flexibility in managing the lock:
To adjust or remove a Flexible Protection, authenticate with your MFA code. This action can modify the retention period or completely remove the lock.
Fixed Protection
Once set, this lock type is immutable and cannot be changed until the retention period expires. This ensures that the data remains unchanged and protected against any modifications:
When choosing a Fixed Protection, a confirmation modal will appear to confirm the action.
A retention period must be set when applying a Fixed Protection, defining the duration for which the snapshot will remain immutable.
Attention! Keep in mind that a fixed lock is immutable and cannot be changed until the retention period expires.
Volume Deletion Protection
vStor supports deletion protection for volumes, preventing unauthorized deletions of volumes.
Enabling Volume Deletion Protection for New Volumes
During the creation of any volume type (Filesystem, MinIO, LUN):
Locate the Protect Volume option.
Toggle the option to enable deletion protection for the volume.
Protected volumes are marked with a shield icon in the volume view, indicating their protected status.
Enabling Volume Deletion Protection for Existing Volumes
To enable deletion protection for an existing volume:
Navigate to the volume's details page by clicking on the volume name.
Locate the Enable volume deletion lock toggle.
Click the toggle to enable deletion protection.
Disabling Volume Deletion Protection
To disable volume deletion protection:
Navigate to the volume's details page by clicking on the volume name.
Locate the Disable volume deletion lock toggle.
Click the toggle to disable deletion protection.
Authenticate the action with your MFA code.
Now, you will be able to delete this volume.
File Immutability
File immutability is a feature that allows you to protect individual files within a volume from modification or deletion. To apply or remove file immutability:
Navigate to the volume's details page.
Locate the File Immutability section.
Choose one of the following options:
Click Apply to all files to enable immutability for all existing files on the volume.
Click Remove from all files to disable immutability for all files on the volume.
If removing immutability, confirm the action with your MFA code.
Snapshot Deletion Protection
Snapshot deletion protection prevents the accidental or unauthorized deletion and modification of snapshots.
Enabling Snapshot Deletion Protection for New Snapshots
When creating a new snapshot:
Enable the Protect option. This applies a hold to the snapshot.
Choose the type of snapshot protection (Flexible or Fixed).
See also. To learn about available types of Deletion Locks, see Types of Deletion Locks.
Enabling Snapshot Deletion Protection for Existing Snapshots
To add deletion protection to an existing snapshot:
Hover over the name of the snapshot.
Click the More Actions (...) button.
Select Enable Protection from the menu.
Choose the type of snapshot protection (Flexible or Fixed).
See also. To learn about available types of Deletion Locks, see Types of Deletion Locks.
Set the retention period, if applicable.
Confirm the action.
Disabling Snapshot Deletion Protection
To disable snapshot deletion protection:
Hover over the name of the snapshot.
Click the More Actions (...) button.
Select Disable Protection from the menu.
Authenticate the action with your MFA code.
By disabling the protection, you release the volume hold and return the snapshot to its normal, mutable state.
Replication Deletion Protection
Attention! This feature does not apply to the replication relationship itself but affects snapshots when they are uploaded. Disabling this setting will not remove protection from already uploaded snapshots or vice versa.
vStor allows enabling deletion protection for replicated data when creating new replication relationships. This feature creates immutable, Write Once Read Many (WORM) storage on the replication target, preventing any modifications or deletions of replicated data.
Enabling Replication Deletion Protection for New Relationships
When creating a new replication relationship:
Toggle the Protect replicated snapshots option.
Choose the type of snapshot protection (Flexible or Fixed).
See also. To learn about available types of Deletion Locks, see Types of Deletion Locks.
Complete the replication relationship setup.
Enabling Replication Deletion Protection for Existing Relationships
For existing replication relationships:
Navigate to the Replication section in the menu.
Locate the desired replication relationship.
Hover over the name of the replication relationship.
Click the More Actions (...) button.
Select Enable Protection from the menu.
Choose the type of snapshot protection (Flexible or Fixed).
See also. To learn about available types of Deletion Locks, see Types of Deletion Locks.
Set the retention period, if applicable.
Confirm the action.
Hint. To enable this feature, you need to activate MFA on the source vStor system. For details, see Using Multi-factor Authentication (MFA).
Disabling Replication Deletion Protection
To disable replication deletion protection:
Locate the desired replication relationship.
Hover over the name of the replication relationship.
Click the More Actions (...) button.
Select Disable Protection from the menu.
Authenticate the action with your MFA code.
Disabling protection allows deleting replicated data on the target as per the default replication settings.
Bulk Management of Deletion Protection Settings
vStor facilitates the bulk application or removal of deletion protection settings, streamlining administrative tasks.
To manage deletion protection for multiple items at the same time:
Select the checkbox next to each volume or snapshot you want to update.
Once you have selected all desired items, a bulk actions menu will appear in the top right corner.
From this menu, choose either Enable Protection or Disable Protection to apply the setting to all selected items.
If you are disabling the protection, you will be prompted to confirm the action using your MFA code.
This allows you to check and update multiple volumes and snapshots in one go, rather than editing them individually.
Tip. The system will continue processing even if actions on some items fail. The system provides a summary of any errors post-completion.
Last updated