|
Amazon FSx for NetApp ONTAP was launched in late 2021. With FSx for ONTAP you get the favored options, efficiency, and APIs of ONTAP file methods, with the agility, scalability, safety, and resilience of AWS, all as a completely managed service.
Today we’re including assist for SnapLock, an ONTAP characteristic that provides you the ability to create volumes that present Write Once Read Many (WORM) performance. SnapLock volumes stop modification or deletion of information inside a specified retention interval, and can be utilized to satisfy regulatory necessities and to guard business-critical knowledge from ransomware assaults and different malicious makes an attempt at alteration or deletion. FSx for ONTAP is the one cloud-based file system that helps SnapLock Compliance mode. FSx for ONTAP additionally helps tiering of WORM knowledge to lower-cost storage for all SnapLock volumes.
Protecting Data with SnapLock
SnapLock provides you a further layer of knowledge safety, and could be considered a part of your group’s total knowledge safety technique. When you create a quantity and allow SnapLock, you select one of many following retention modes:
Compliance – This mode is used to deal with mandates reminiscent of SEC Rule 17a-4(f), FINRA Rule 4511 and CFTC Regulation 1.31. You can use this mode to make sure a WORM file can’t be deleted by any person till after its retention interval expires. Volumes on this mode can’t be renamed and can’t be deleted till the retention durations of all WORM information on the amount have expired.
Enterprise – This mode is used to implement organizational knowledge retention insurance policies or to check retention settings earlier than creating volumes in Compliance mode. You can use this mode to stop most customers from deleting WORM knowledge, whereas permitting licensed customers to carry out deletions, if mandatory. Volumes on this mode could be deleted even when they include WORM information underneath an lively retention interval.
You additionally select a default retention interval. This interval signifies the size of time that every file have to be retained after it’s dedicated to the WORM state, and could be so long as 100 years, and there’s additionally an Infinite choice. You can even set a customized retention interval for particular information or particular timber of information and it’ll apply to these information on the time that they’re dedicated to the WORM state.
Files are dedicated to the WORM state after they change into read-only (chmod -w on Linux or attrib +r on Windows). You can configure a per-volume autocommit interval (5 minutes to 10 years) to routinely commit information which have remained as-is for the interval, and you can too provoke a Legal Hold in Compliance mode so as to retain particular information for authorized functions.
You even have one other fascinating knowledge safety and compliance choice. You can create one quantity with out SnapLock enabled, and one other one with it enabled, after which periodically replicate from the primary one to the second utilizing NetApp SnapVault. This provides you with snapshot copies of total volumes which you could retain for months, years, or a long time as wanted.
Speaking of fascinating choices, you may make use of FSx for ONTAP quantity knowledge tiering to maintain lively information on high-performance SSD storage and the opposite information on storage that’s cost-optimized for knowledge that’s accessed occasionally.
Creating SnapLock Volumes
I can create new volumes and allow SnapLock with a few clicks. I enter the amount identify, measurement, and path as traditional:
As I discussed earlier, I can even make use of a capability pool (that is set to Auto by default, and I set a ten day cooling interval):
I scroll all the way down to the Advanced part and click on Enabled, then choose Enterprise retention mode. I additionally arrange my retention durations, allow autocommit after 9 days, and go away the opposite choices as-is:
I add a tag, and click on Create quantity to maneuver forward:
I take a fast break, and once I come again my quantity is able to use:
At this level I can mount it within the traditional approach, create information, and permit SnapLock to do its factor!
Things to Know
Here are a few issues that you must learn about this highly effective new characteristic:
Existing Volumes – You can’t allow this characteristic for an current quantity, however you may create a brand new, SnapLock-enabled quantity, and replica or migrate the information to it.
Volume Deletion – As I famous earlier, you can’t delete a SnapLock Compliance quantity if it incorporates WORM information with an unexpired retention interval. Take care when setting this to keep away from creating volumes that may last more than wanted.
Pricing – There’s a further GB/month license cost for the usage of SnapLock volumes; take a look at the Amazon FSx for NetApp ONTAP Pricing web page for extra info.
Regions – This characteristic is offered in all AWS Regions the place Amazon FSx for NetApp ONTAP is offered.
— Jeff;