Question about exit strategy from immutable backup


Userlevel 7
Badge +10

Hi all, 

I’m working to understand more about the question in the subject. Specifically, I started from @regnor's blog post using StoreOnce.

If I set immutability to end in 3 years but a customer wants to exit from this service after 2 years, what are the correct ways to remove all backup data after export?

I know a good start is to have xx days (30?) of immutability, but if a customer wants a GFS policy with up to 3 years immutable, how can I operate?

I know this is an MSP-based question; for this reason I hope someone can help me.

Thanks. 

 

 


13 comments

Userlevel 6
Badge +2

@Andanet You may want to check with HPE to see if they have any capabilities to help you out.  I misread the product you were using and thought it was an object storage platform that has a slightly similar name.

Userlevel 7
Badge +20

I know on Linux you can remove the immutability flag with a command and then remove files but not sure if NetApp works the same way.  The new feature would have been great using the 12.1 but looks like you are contacting NetApp now to see.

Userlevel 6
Badge +2

When using S3 object locking APIs, there are two retention modes:

  1. Compliance
  2. Governance

The details of these retention modes can be found here: S3 Object Locking.

 

The major difference between these two is Compliance Mode doesn’t allow the removal or reduction of object lock retention once an object is written.  Governance allows that type of manipulation if they are given permission to do so.

 

Prior to 12.1 VBR only supported Compliance Mode, but due to the scenario of this topic we saw the need/use case to support Governance Mode in 12.1.
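The two retention modes described above, applied to this thread's exit scenario, as an added example that is not part of the original post and is not Veeam or storage-vendor code. It models the documented S3 Object Lock rules only (it says nothing about StoreOnce); the object keys, dates and function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class LockedVersion:
    key: str
    mode: str                 # "COMPLIANCE" or "GOVERNANCE"
    retain_until: date        # simplified to whole days (assumption)
    legal_hold: bool = False

def can_delete(v, today, bypass_permission=False, bypass_header=False):
    """Would a permanent delete of this object version be accepted today?"""
    if v.legal_hold:
        return False                      # a legal hold blocks deletes on its own
    if today >= v.retain_until:
        return True                       # retention has expired
    if v.mode == "GOVERNANCE":
        # Needs s3:BypassGovernanceRetention AND the explicit bypass header.
        return bypass_permission and bypass_header
    return False                          # COMPLIANCE: nobody can, root included

def earliest_purge_date(versions, exit_date, bypass_permission=False):
    """Earliest day on which every version can be deleted, or None if held."""
    if any(v.legal_hold for v in versions):
        return None                       # open-ended until the hold is lifted
    day = exit_date
    for v in versions:
        if v.mode == "GOVERNANCE" and bypass_permission:
            continue                      # retention can be bypassed at exit
        day = max(day, v.retain_until)
    return day

def sample_chain(mode):
    # Constructed sample: one daily restore point plus two 3-year GFS yearlies.
    return [
        LockedVersion("tenant-a/daily-2025-12-31", mode, date(2026, 1, 30)),
        LockedVersion("tenant-a/gfs-yearly-2024", mode, date(2027, 12, 31)),
        LockedVersion("tenant-a/gfs-yearly-2025", mode, date(2028, 12, 31)),
    ]

EXIT = date(2026, 1, 1)   # constructed: customer leaves after two years

if __name__ == "__main__":
    for mode in ("COMPLIANCE", "GOVERNANCE"):
        for bypass in (False, True):
            print(mode, bypass, earliest_purge_date(sample_chain(mode), EXIT, bypass))
```

With these sample dates, only the Governance bucket with the bypass permission can be emptied on the exit date; every other combination keeps the data until the last yearly point expires.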

Userlevel 7
Badge +20

Thanks for sharing the details Steve.  Going to read up on this.  👍🏼

Userlevel 7
Badge +10

@Andanet you ask a great question.  In v12.1 we added the support for Governance Mode for object lock/immutability just for this use case.  Unfortunately, it only applies to new buckets and backups so this new feature won’t help you.  From a Veeam/VBR perspective, there is nothing you can do other than wait until the object lock expires.  You may want to check with NetApp to see if they have any capabilities to help you out.

Thanks @SteveF. I'm talking about HPE StoreOnce, and it is probably a question more focused on storage than on Veeam. I hope someone has some experience.

Thanks 

Userlevel 7
Badge +12

@Andanet you ask a great question.  In v12.1 we added the support for Governance Mode for object lock/immutability just for this use case. 

The key is for Amazon S3 and S3 compatible object storage only. Just in case @Andanet has asked specifically for StoreOnce immutability.

We don’t have such a key for DataDomain, StoreOnce and Azure repositories.

 

Best,

Fabian

Userlevel 7
Badge +20

@Andanet you ask a great question.  In v12.1 we added the support for Governance Mode for object lock/immutability just for this use case. 

The key is for Amazon S3 and S3 compatible object storage only. Just in case @Andanet has asked specifically for StoreOnce immutability.

We don’t have such a key for DataDomain, StoreOnce and Azure repositories.

 

Best,

Fabian

This is also great to know Fabian as I did not realize it pertained specifically to Amazon only.

Userlevel 6
Badge +2

My apologies.  I read StoreOnce, but my mind processed StorageGrid.

 

I hate Monday mornings sometimes and this is one of them.

Userlevel 6
Badge +3

@Andanet you ask a great question.  In v12.1 we added the support for Governance Mode for object lock/immutability just for this use case. 

The key is for Amazon S3 and S3 compatible object storage only. Just in case @Andanet has asked specifically for StoreOnce immutability.

We don’t have such a key for DataDomain, StoreOnce and Azure repositories.

 

Best,

Fabian

Would be great to see Governance mode supported on the DataDomain as well :) For the same reasons as any other immutable storage device.

Userlevel 7
Badge +6

I can tell you that if you’re using Wasabi object storage with immutability, if the client decides to leave, you’re stuck with the data until the flag expires.  There is no overriding that flag and removing the data administratively.  This includes deleting the bucket entirely, as you’ll get the below error message.

None of my clients have immutability beyond 90 days, but I did make the mistake of setting 1 year of immutability when I was testing things, which is why I can reproduce the below message when I try to delete the bucket with immutable data inside of it.  I know this isn’t entirely your situation, but just as an FYI with Wasabi storage, this is the case.

 

 

Userlevel 7
Badge +14

@Andanet Even with immutable objects you can delete a Catalyst Store. You'll just need to approve the deletion with a security officer account.

 

 

Userlevel 7
Badge +10

@Andanet Even with immutable objects you can delete a Catalyst Store. You'll just need to approve the deletion with a security officer account.

 

 

Thanks @regnor, as I wrote, I appreciate your posts very much, and I got inspired by them. Technically, the action of deleting a Store is correct, but now we must consider the legal aspect too.

If a customer defaults and doesn't pay the invoice, is it legal to delete the data?

Thanks

Userlevel 7
Badge +14

Thanks for the kind words @Andanet 😊

The legal part unfortunately is out of my scope 😉 Probably this should be defined in the contract and approved by your legal department.
