ONTAP Discussions

Snaplock Documentation

jacqui_brockwell
7,018 Views

As much as I have tried searching, I just can't seem to find any documentation on setting up a Snaplock volume correctly? Am I being blind and completely missing it somewhere.

We already have our compliance aggregate setup, and set up what we thought was a working snaplock volume and lun to attach to a Win2k3 server as a disk for use similar to the old WORM drive it is replacing (the software using this can't attach to UNC paths so it must be a drive).  However we still seem to be able to modify or delete entries in the volume.  I'm therefore after some documentation I can flick through to see what settings are available and what they mean or a general setup guide for snaplock; is there such a thing?

Many thanks in advance

10 REPLIES 10

mitchells
6,975 Views

Are you setting the read-only attribute on your files?

adamfox
6,975 Views

I don't believe Snaplock works on block-based storage (i.e. LUNs) and must work on files (NAS). The problem is that ONTAP does not see inside the LUN and so therefore cannot know when you are changing the attributes of a file within the LUN.

If you must use LUNs, you'll need some kind of host application to do the WORM functionality for you.

-- Adam Fox

jacqui_brockwell
6,976 Views

If that's the case, then that's a bit of a pain as this is how it was sold to us.  Is it not possible just to set the minimum retention period and default retention period to something extremely high and for it to not allow you to delete things like that? or are you saying you must have a third party front end on top

mitchells
6,976 Views

You do not have to have a third party application on top, but it is recommended for structured data.  LockVault is recommended for unstructured data.

You can set the snaplock autocommit option to automatically set the read only flag if the file has not been modified for a certain amount of time.

Thanks,

Mitchell

jacqui_brockwell
6,975 Views

Very basic question I'm aware; but if we have to set a Read Only attribute on the file; then I'm guessing anyone could in theory just take the read attribute off and then delete the file in this case then? Or am I wrong..

mitchells
6,975 Views

You cannot take the read-only attribute on the file off as long as the snaplock retention time is still valid.

Since you are setting up snaplock compliance edition, I would recommend setting up a Data ONTAP simulator to test snaplock.  SnapLock compliance edition is tamperproof to the extreme so if you make a mistake on a real filer with real disks you cannot fix it until all of the files expire.

Thanks,

Mitchell

jacqui_brockwell
6,975 Views

Hi, thanks for that.  Sorry if there is confusion, but we are using SnapLock Enterprise in this particular case rather than Compliance (we want to be able to recover the storage in future if needed).

mitchells
4,844 Views

In your original post, you had mentioned compliance aggregate.  If you are using snaplock enterprise edition then you can destroy the aggregate as needed.

Thanks,

Mitchell

jacqui_brockwell
6,975 Views

Thanks for that, I'll have a trawl through this morning and see if I can find anything else of interest.

Public