VeeamON 2024 - Use Code "COMMUNITY10" for 10% Off!
As everyone else noted here, Four Eyes is the way to go. That said, you’ll want to make sure that nobody has access to the back-end storage as well to where the actual backup files can be deleted behind the scenes. You are correct that the data needs to be protected as well. That is why you should use immutability via hardened Linux repositories and/or S3 object lock. Immutability + four eyes authentication will help protect the data from the rogue administrator.
@Andanet You may want to check with HPE to see if they have any capabilities to help you out. I misread the product you were using and thought it was an object storage platform that has a slightly similar name
When using S3 object locking apis, there are two retention modes:Compliance GovernanceThe details of these retention modes can be found here S3 Object Locking. The major difference between these two is Compliance Mode doesn’t allow the removal or reduction of object lock retention once an object is written. Governance allows that type of manipulation if they are given permission to do so. Prior to 12.1 VBR only supported Compliance Mode, but due to the scenario of this topic we saw the need/use case to support Governance Mode in 12.1.
My apologies. I read StoreOnce, but my mind processed StorageGrid. I hate Monday mornings sometimes and this is one of them.
Another option is to use VBR’s Archive Tier feature. It enables you to send GFS backups (weekly,monthly, yearly) to a cold storage tier of object storage. This includes AWS S3 Glacier, Microsoft Azure Archive Storage, and new with VBR v12.1 on-prem cold s3 compatible storage.
just thinking, archive tier isnt visible in the SOBR so I assume its not compatible with the performance or capacity tier…..so we have to use backup copy jobs Do you have an archive tier repository available to be used by the SOBR?
Thank you for the useful experience and sharing @SteveF May I ask what the procedure is for restoring/recovering data from the archive level? Is it necessary to move to capacity level first? When you do the restore from the archive tier, VBR will handle all of the work to get the data restored for you. You don’t need to do anything other than selecting what you want restored. Here are the instructions for Restoring from Archive Tier. As you said, the backup that is entered at the archive level is a full backup based on the GFS scenario that we created. My question is how do I create a scenario that in a year there are 4 full / GFS backups? and what happened in the following year? You would just need to schedule within VBR the creation of the 4 GFS backups during the year based upon your requirements. A great explanation of VBR’s GFS backups can be found here: VBR + GFS Backups Hope this helps. Steve
can you please explain the process of deleting the unwanted immutable backup in Governance mode? Is this done from the S3 bucket end or from VBR server end? All deletions are issued via VBR. Nothing should be manually deleted from a bucket used by VBR,VB365, etc…. Our software applications should be the only thing issuing deletions. Hope that answers your question. Steve
Geoff, I will be briefing your PM folks about the upcoming SOSAPI updates soon. While I can’t share them publicly yet, we can provide them to you under NDA. For everyone else, when I can share the SOSAPI updates I will do so here. ThanksSteve
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.