Articles in this section

Managing Protection Policies

Sara Levy
  • Updated
Follow

Overview of Protection Policies

A protection policy is a reusable configuration that is used by the following data protection features:

  • Async replication, where data is captured by snapshots on a schedule of points in time and replicated to other clusters

  • Local backup, where data is captured by snapshots on a schedule of points in time and stored locally.

  • Backup to S3, where data is captured by snapshots on a schedule of points in time and replicated via S3 to an AWS bucket.

A protection policy defines:

  • A schedule of points in time at which to take snapshots

  • Retention time for snapshots on the local cluster

  • A remote peer, which may be a replication peer (async replication) or an S3 replication peer (backup to S3). This is not specified if the policy is intended for local backup only.

For full configuration instructions for async replication, local backup and backup to S3, see the relevant feature section, linked above.

Creating a Protection Policy via VAST Web UI

  1. From the left navigation menu, select Data Protection and then Protection Policies.

  2. Click + Create Protection Policy.

  3. In the Add Protection Policy dialog, complete the fields:

    Field

    Description

    Policy name

    Enter a name for the protection policy.

    Peer

    If you want to use the protection policy for replication to a remote cluster or to an S3 replication peer, select the replication peer or S3 replication peer from the dropdown.

    Snapshot prefix

    Enter a prefix for the snapshot names.

    The name of each snapshot will be <prefix>_<timestamp>, where <prefix> is the prefix specified here and <timestamp> is the time the snapshot is created, in the format yyyy-mm-ddTHH:MM:SS.SSSSSSzzz (T denotes time and doesn't represent a value, zzz is the timezone, and the time is accurate to the microsecond). For example, if the prefix is dev, a snapshot taken at 8:15 pm UTC on 20th November 2024 would be named dev_2024-11-20T20:15:06.144783UTC.

  4. If you want to make the protection policy indestructible, enable the Indestructible setting. This setting protects the policy and its snapshots from accidental or malicious deletion. For more information about indestructibility, see Keeping Indestructible Backups.

    Caution

    After saving the protection policy, you won't be able to delete the policy or disable its indestructibility without performing a procedure for authorized unlocking of the cluster's indestructibility mechanism.

    Note

    If a replication peer is configured, the indestructibility setting will be replicated to the peer.

  5. Set up one or more replication schedules:

    Note

    If you want to set up multiple schedules, click the Add Schedule button to display more scheduling fields in the dialog.

    • To set the start time, click in the Start at field. In the calendar that appears, click the start date you want and adjust the start time:

      Set_start_time.png

      Note

      When a protected path is active, it performs an initial data sync to the replication peer or S3 replication peer (if applicable) immediately after being created. The initial sync creates the first restore point. Therefore, the restore point created on the start date is in fact the second restore point.

    • To set a period, select a time unit from the Period dropdown and enter the number of time units in the Every field.

      Note

      The minimum interval is 15 seconds.

  6. Configure local snapshot retention:

    • If you want to retain local snapshots, set the Keep local copy for period. This is the amount of time for which local snapshots are retained on the local cluster.

      Select a time unit from the Period dropdown and enter the number of time units in the Keep local copy for field.

    • If you do not want to keep local snapshots, leave the Keep local copy for field blank. Snapshots will be deleted immediately after they are replicated to the destination peer.

  7. If a replication peer is selected, set the Keep remote copy for period. This is the amount of time restore points are retained on the replication peer.

    Select a time unit from the Period dropdown and enter the number of time units in the Keep remote copy for field.

    Note

    This setting applies only to replication peers and not to replication S3 peers. Restore points are not deleted from replication S3 peers.

  8. Click Create.

    The protection policy is created and listed in the Protection Policies page.

Modifying a Protection Policy via VAST Web UI

To modify the configuration of a protection policy, click ActionsButtonGUI2.png to open the Actions menu for the policy and select Edit. Make your changes and then click Update.

Note

Modifying a protection policy that has the indestructible setting enabled requires that the indestructibility mechanism is unlocked on the cluster.

Note

Changing snapshot expiration in the policy only affects future snapshots and not existing ones.

Removing a Protection Policy via the VAST Web UI

To remove a protection policy, click ActionsButtonGUI2.png to open the Actions menu for the policy and select Remove. Click Yes to confirm the removal.

Note

Removal of an indestructible protection policy requires first unlocking the cluster's indestructibility mechanism.

Managing Protection Policies via VAST CLI

To manage protection policies via the VAST CLI, use the following commands.

Task

Command 

Display protection policies

protectionpolicy list

Display details of a specific protection policy

protectionpolicy show

Create a protection policy

protectionpolicy create

Modify a protection policy

protectionpolicy modify

Delete a protection policy

protectionpolicy delete

Related articles

Comments

0 comments

Article is closed for comments.