Skip to main content
commvault.com commvault.com
Answer

Immutable Backup Images

  • February 25, 2021
  • 5 replies
  • 3145 views
A
Bit
Forum|alt.badge.img+1

We currently have a ‘dual-site’ scenario - each with 2 media agents attached to a Dell/EMC ME4084 disk library.  Commvault is configured with a CommCell in each site - with failover enabled.  Backup images are secured in each local site and then a secondary copy replicated to the alternate site.

As I am sure is common - the questions are being raised around immutable backups in this CV environment

I have seen documentation regarding immutability of cloud based backups, and discussions of WORM technology - but am unsure as to what applies to us here with our CommVault / disk library configuration.

V11 SP20

Any input appreciated…..

Best answer by Damian Andre

You can absolutely apply WORM to disk/network targets - data will be held until the retention is met. Retention cannot be lowered and jobs cannot be deleted.

https://documentation.commvault.com/commvault/v11_sp20/article?p=13938.htm

Just note the caveats, as it's generally a one-way street (which is the entire point :blush: ).

 

Also, be sure to check/enable ransomware protection which will help disable tampering with your disk library from malicious applications.

 

5 replies

Aplynx
Vaulter
Forum|alt.badge.img+13
  • AplynxVaulter
  • Vaulter
  • February 25, 2021

I believe Amazon Immutable will be available in SP22

https://www.commvault.com/resources/greater-ransomware-protection-with-data-isolation-and-air-gap-technologies

https://documentation.commvault.com/11.22/expert/9251_configuring_worm_storage_mode_on_cloud_storage.html

Liam
dude
Byte
Forum|alt.badge.img+16
  • dude
  • Byte
  • February 25, 2021

It seems like that Cloud is not a library destination for you at the moment. So I would suggest reading the papers shared previously but also taking a detailed look at the Authentication, authorization and accounting aka (AAA) framework that will give you a good understanding of what can and has to be done in your environment.

https://www.commvault.com/resources/secure-your-data-your-recovery-and-your-mission

Damian Andre
Damian Andre
Vaulter
Forum|alt.badge.img+23
  • Damian AndreVaulter
  • Vaulter
  • Answer
  • February 25, 2021

You can absolutely apply WORM to disk/network targets - data will be held until the retention is met. Retention cannot be lowered and jobs cannot be deleted.

https://documentation.commvault.com/commvault/v11_sp20/article?p=13938.htm

Just note the caveats, as it's generally a one-way street (which is the entire point :blush: ).

 

Also, be sure to check/enable ransomware protection which will help disable tampering with your disk library from malicious applications.

 

Mike Struening
dude
A
A
Bit
Forum|alt.badge.img+1
  • Android
  • Author
  • Bit
  • February 25, 2021

Damian,

Most helpful - exactly what I was looking for !

The Ransomware protection was already enabled on the 4 media agents attached to the disk libraries - but good to point out….

Regards,

Andy.

Damian Andre
Damian Andre
Vaulter
Forum|alt.badge.img+23
  • Damian AndreVaulter
  • Vaulter
  • February 26, 2021

Damian,

Most helpful - exactly what I was looking for !

The Ransomware protection was already enabled on the 4 media agents attached to the disk libraries - but good to point out….

Regards,

Andy.

Awesome!

 

Additionally, there is a great security assessment dashboard for Command Center in FR20 and later as well. It covers other best practices of things you can do to better secure the environment. Here is a quick video on it and here is the documentation. I think it's been improved beyond FR20 but I thought it may be helpful for you.

 

Terms & ConditionsCookie settingsAccessibility statement