Skip to main content
Version: vStor 4.15

Immutability in vStor

Immutability in vStor provides a robust mechanism to protect data at both the snapshot and volume levels, ensuring data integrity by preventing unauthorized or accidental modifications and deletions. This feature allows administrators to set holds on snapshots and enable deletion lock on volumes, safeguarding critical data against ransomware attacks and other security threats.

By utilizing immutability controls, you can enhance your security, ensuring compliance and facilitating reliable data recovery.

Requirements

Before activating deletion lock features, it is mandatory to enable multifactor authentication (MFA) for an added layer of security.

Attention!

Without MFA enabled on your vStor account, all deletion lock controls will be disabled.

Types of Deletion Locks

The system allows users to select between two types of locks: Flexible Protection and Fixed Protection, catering to different security and flexibility needs.

Flexible Protection

[image expected here]

This lock type allows adjustments or removal using MFA, providing flexibility in managing the lock:

  • To adjust or remove a Flexible Protection, authenticate with your MFA code. This action can modify the retention period or completely remove the lock.

Fixed Protection

[image expected here]

Once set, this lock type is immutable and cannot be changed until the retention period expires. This ensures that the data remains unchanged and protected against any modifications:

  • When choosing a Fixed Protection, a confirmation modal will appear to confirm the action.
  • A retention period must be set when applying a Fixed Protection, defining the duration for which the snapshot will remain immutable.
Attention!

Fixed deletion lock cannot be modified or disabled until the retention period expires.

Volume Deletion Lock

vStor supports deletion lock for volumes, preventing unauthorized or inadvertent deletion of volumes. This feature requires multifactor authentication.

Enabling Volume Deletion Lock for New Volumes

When creating any volume type (Filesystem, MinIO, LUN), switch the Enable volume deletion lock toggle to on.

[image expected here]

Protected volumes are marked with a shield icon in the volume view, indicating their protected status.

[image expected here]

Enabling Volume Deletion Lock for Existing Volumes

To enable deletion lock for an existing volume:

  1. Navigate to the volume’s details page by clicking the volume name.
  2. Switch the Enable volume deletion lock toggle to on.

[image expected here]

Disabling Volume Deletion Lock

To disable Volume Deletion Lock:

  1. Navigate to the volume’s details page by clicking the volume name.
  2. Switch the Enable volume deletion lock toggle to off.

[image expected here]

  1. Confirm the action, authenticating with your MFA verification code.

Now, you will be able to delete this volume.

File Immutability

File immutability allows you to protect individual files within a volume from modification or deletion. This feature requires multifactor authentication.
To apply or remove file immutability:

  1. Navigate to the volume’s details view.
  2. Choose one of the following options in the File Immutability section:
    • Click Apply to all files to enable immutability for all existing files on the volume.
    • Click Remove from all files to disable immutability for all files on the volume.

[image expected here]

  1. When removing immutability, confirm the action with your MFA verification code.

Snapshot Deletion Lock

Snapshot deletion lock prevents the accidental or unauthorized deletion and modification of snapshots.

Enabling Snapshot Deletion Lock for New Snapshots

When creating a new snapshot:

  1. Switch the Enable deletion lock toggle.
  2. Choose the type of snapshot deletion lock (Flexible or Fixed) and set the retention period, if applicable.
  3. Click Save.

[image expected here]

The newly created snapshot is now protected with deletion lock.

[image expected here]

See also.

To learn about available types of Deletion Locks, see Types of Deletion Locks.

Enabling Snapshot Deletion Lock for Existing Snapshots

To add deletion lock to an existing snapshot:

  1. Hover over the name of the snapshot.
  2. Click the More Actions (...) button.

[image expected here]

  1. Select Enable deletion lock from the menu.
  2. Choose the type of snapshot deletion lock (Flexible or Fixed) and set the retention period, if applicable.
See also.

To learn about available types of Deletion Locks, see Types of Deletion Locks.

  1. Click Save.

Disabling Snapshot Deletion Lock

To disable snapshot deletion lock:

  1. Hover over the name of the snapshot.
  2. Click the More Actions (...) button.

[image expected here]

  1. Select Disable deletion lock from the menu.
  2. Confirm the action, authenticating with your MFA code.

By disabling the deletion lock, you release the volume hold and return the snapshot to its normal, mutable state.

Snapshot Deletion Lock Policy

The Snapshot Deletion Lock Policy feature allows administrators to define a default snapshot deletion lock configuration at the volume level. When enabled, all newly created snapshots on the selected volume automatically inherit the configured lock settings, eliminating the need for manual post-creation locking. This feature introduces a policy-based approach, ensuring cosistent enforcement of retention and protection rules across all new snapshots within a volume.

This feature requires multifactor authentication.

To configure a snapshot deletion lock policy:

  1. Navigate to the volume’s details page.
  2. In the Details tab, find the Snapshot Deletion Lock Policy pane and click Enable to launch the Snapshot Deletion Lock Policy dialog window.

[image expected here]

  1. Choose the type of snapshot deletion lock (Flexible or Fixed) and set the retention period, if applicable.

[image expected here]

  1. Click Set deletion lock to confirm.

The deletion lock will be automatically applied during snapshot creation.

Important!

The policy applies only to new snapshots created after the policy is set; existing snapshots remain unchanged.

The lock configuration cannot be overridden at snapshot creation time.

Restrictions.

Snapshot Deletion Lock Policies cannot be configured on volumes with an active offload relationship and on replica volumes.

Replication Deletion Lock

Tip.

To enable this feature, you need to activate multifactor authentication for your user. For details, see Using Multifactor Authentication (MFA).

vStor allows enabling deletion lock for replicated data when creating new replication relationships. This feature creates immutable, Write Once Read Many (WORM) storage on the replication target, preventing any modifications or deletions of replicated data.

Attention!

This feature does not apply to the replication relationship itself but affects snapshots when they are uploaded. Disabling this setting will not remove deletion lock from already uploaded snapshots or vice versa.

Enabling Replication Deletion Lock for New Relationships

When creating a new replication relationship:

  1. Switch the Enable deletion lock on replicated snapshots toggle on.

[image expected here]

  1. Choose the snapshot deletion lock type (Flexible or Fixed).
See also.

To learn about available types of Deletion Locks, see Types of Deletion Locks.

  1. Complete the replication relationship setup.

Enabling Replication Deletion Lock for Existing Relationships

For existing replication relationships:

  1. Navigate to the Replication section in the menu.
  2. Locate the desired replication relationship.
  3. Hover over the name of the replication relationship.
  4. Click the More Actions (...) button.
  5. Select Enable deletion lock from the menu.

[image expected here]

  1. Choose the type of snapshot deletion lock (Flexible or Fixed) and set the retention period, if applicable.
See also.

To learn about available types of Deletion Locks, see Types of Deletion Locks.

  1. Click Set deletion lock.
Important.

Changing this setting does not affect the deletion lock timespan for previously replicated snapshots.

Disabling Replication Deletion Lock

To disable replication deletion lock:

  1. Locate the desired replication relationship.
  2. Hover over the name of the replication relationship.
  3. Click the More Actions (...) button.
  4. Select Disable deletion lock from the menu.

[image expected here]

  1. Confirm the action, authenticating with your MFA code.

Disabling deletion lock allows deleting replicated data on the target as per the default replication settings.

Important.

Changing this setting does not affect the deletion lock timespan for previously replicated snapshots.

Bulk Management of Deletion Lock Settings

vStor facilitates the bulk application or removal of deletion lock settings, streamlining administrative tasks.

To manage deletion lock for multiple items at the same time:

  1. Select the checkbox next to each volume or snapshot you want to update.
  2. Once you have selected all desired items, a bulk actions menu will appear in the top right corner.
  3. From this menu, choose either Enable deletion lock or Disable deletion lock to apply the setting to all selected items.
    If you are disabling the deletion lock, you will be prompted to confirm the action using your MFA code.

[image expected here]

This allows you to check and update multiple volumes and snapshots in one go, rather than editing them individually.

Tip.

The system will continue processing even if actions on some items fail. The system provides a summary of any errors post-completion.