Skip to main content
Solved

Immutable Backup Images

  • 25 February 2021
  • 5 replies
  • 2823 views

Forum|alt.badge.img+1

We currently have a ‘dual-site’ scenario - each with 2 media agents attached to a Dell/EMC ME4084 disk library.  Commvault is configured with a CommCell in each site - with failover enabled.  Backup images are secured in each local site and then a secondary copy replicated to the alternate site.

As I am sure is common - the questions are being raised around immutable backups in this CV environment

I have seen documentation regarding immutability of cloud based backups, and discussions of WORM technology - but am unsure as to what applies to us here with our CommVault / disk library configuration.

V11 SP20

Any input appreciated…..

Best answer by Damian Andre

You can absolutely apply WORM to disk/network targets - data will be held until the retention is met. Retention cannot be lowered and jobs cannot be deleted.

https://documentation.commvault.com/commvault/v11_sp20/article?p=13938.htm

Just note the caveats, as it's generally a one-way street (which is the entire point :blush: ).

 

Also, be sure to check/enable ransomware protection which will help disable tampering with your disk library from malicious applications.

 

View original
Did this answer your question?

5 replies

Aplynx
Vaulter
Forum|alt.badge.img+13
  • Vaulter
  • 291 replies
  • February 25, 2021

dude
Byte
Forum|alt.badge.img+15
  • Byte
  • 287 replies
  • February 25, 2021

It seems like that Cloud is not a library destination for you at the moment. So I would suggest reading the papers shared previously but also taking a detailed look at the Authentication, authorization and accounting aka (AAA) framework that will give you a good understanding of what can and has to be done in your environment.

https://www.commvault.com/resources/secure-your-data-your-recovery-and-your-mission


Damian Andre
Vaulter
Forum|alt.badge.img+23
  • Vaulter
  • 1229 replies
  • Answer
  • February 25, 2021

You can absolutely apply WORM to disk/network targets - data will be held until the retention is met. Retention cannot be lowered and jobs cannot be deleted.

https://documentation.commvault.com/commvault/v11_sp20/article?p=13938.htm

Just note the caveats, as it's generally a one-way street (which is the entire point :blush: ).

 

Also, be sure to check/enable ransomware protection which will help disable tampering with your disk library from malicious applications.

 


Forum|alt.badge.img+1
  • Author
  • Bit
  • 1 reply
  • February 25, 2021

Damian,

Most helpful - exactly what I was looking for !

The Ransomware protection was already enabled on the 4 media agents attached to the disk libraries - but good to point out….

Regards,

Andy.


Damian Andre
Vaulter
Forum|alt.badge.img+23
  • Vaulter
  • 1229 replies
  • February 26, 2021
Android wrote:

Damian,

Most helpful - exactly what I was looking for !

The Ransomware protection was already enabled on the 4 media agents attached to the disk libraries - but good to point out….

Regards,

Andy.

Awesome!

 

Additionally, there is a great security assessment dashboard for Command Center in FR20 and later as well. It covers other best practices of things you can do to better secure the environment. Here is a quick video on it and here is the documentation. I think it's been improved beyond FR20 but I thought it may be helpful for you.

 


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings