Tamperproof snapshots on mirror and vault

muzzy543 — Fri, 13 Jun 2025 11:00:23 GMT

Hi All,

I am deploying Tamperproof Snapshots (TPS) and I am in the process of creating my snapshot policies with a retention period. My question is about the snapmirror and snapvault destination volumes. My understanding is that the snapshot expiry-time on the source snapshot will not carry over to the mirror/vault. Do I need to create and assign a snapshot policy on the mirror and vault? I thought you can’t create snapshots on these as they are read-only?

Re: Tamperproof snapshots on mirror and vault

muzzy543 — Fri, 13 Jun 2025 11:17:54 GMT

I found the answer to my own question.

Deploying a Retention Period to SnapMirror Snapshots

To set a retention period for SnapMirror snapshots, follow these steps:

Modify SnapMirror Policy: You can add a rule to an existing SnapMirror policy to specify the retention period for snapshots replicated to the destination volume. Use the following command:
snapmirror policy add-rule -vserver <SVM name> -policy <policy name> -snapmirror-label <label name> -keep <number of snapshots> -retention-period [<integer> days|months|years]

For example, to apply a retention period of 6 months to a policy named "lockvault":

snapmirror policy add-rule -vserver vs1 -policy lockvault -snapmirror-label test1 -keep 10 -retention-period "6 months"

Retention Period Precedence: The specified retention period will take precedence over the keep count. This means that snapshots that have not reached their expiry will be retained even if the keep count is exceeded.
Default Retention: If no specific retention period is set, the default retention period of the destination volume will apply.

By following these steps, you can effectively manage the retention of SnapMirror snapshots.

topic Re: Tamperproof snapshots on mirror and vault in ONTAP Discussions

Tamperproof snapshots on mirror and vault

Re: Tamperproof snapshots on mirror and vault