VAST Cluster enables you to create and maintain immutable backups using a feature called Indestructibility. Snapshots and protection policies can be flagged indestructible and they are then protected from accidental or malicious deletion and modification. The cluster's indestructible backups are protected from ransomware attacks by several layers of security.
Protection policies that you flag indestructible create immutable snapshots that are retained for the period you configure them. The retention period cannot be reduced when the protection policy is indestructible and replication peer configurations cannot be removed. Protected paths that use an indestructible protection policy cannot be paused. If you choose to create single snapshots manually, you can also flag those as indestructible and confer the same immutability on those - the snapshot cannot be deleted and its expiration period cannot be shortened.
Should you need to remove or modify indestructible protection policies and snapshots, it is possible to unlock the indestructibility mechanism for a limited time, delete and modify as needed. The indestructibility protection resumes automatically after one hour. Unlocking can be done only by specially enrolled authorized personnel via a multi-factor secure procedure, involving encrypted tokens generated via VMS and by VAST Support.
When the indestructibility mechanism is locked on the cluster, the following actions cannot be done by any user:
Deleting an indestructible protection policy or any snapshot created by an indestructible protection policy
Modifying an indestructible protection policy.
Pausing a protected path that uses an indestructible protection policy.
Deleting an indestructible snapshot or shortening the expiration period of an indestructible snapshot.
Changing the indestructibility password, which is used to generate a token in the security procedure used to unlock the indestructibility mechanism.
Changing the password restore delay for the indestructibility password.
The following actions can be done while the indestructibility mechanism is locked:
Lengthening the expiration period of a snapshot.
Resuming a paused protection path that uses an indestructible protection policy.
Failing over to a native replication peer.
Indestructibility is of course designed to be used in conjunction with replication to a remote cluster to form a complete solution for maintaining immutable backups which ensure that you can always recover data without paying a ransom to a cyber attacker. In case of the need to fail over to a native replication peer, the failover is supported while the indestructibility mechanism remains locked.
The indestructibility setting on a native replication protection policy is replicated to a remote peer, while retention periods do not have to match on the two peers.
Each native replication peer has its own unique indestructibility password. Deletion of an indestructible snapshot requires that the indestructibility mechanism is unlocked on the cluster where the snapshot resides. That is, if an indestructible protection policy replicates snapshots from peer A to peer B, if you need to delete a replicated snapshot from Peer B, you need to unlock the indestructibility mechanism on peer B.
Article is closed for comments.