Skip to main content
Question

Need help to decide between external replica and WORM

  • February 17, 2026
  • 2 replies
  • 20 views

Forum|alt.badge.img+1

We’re currently in the process of doing a major upgrade of our Commvault setup - both software version and hardware, and are looking at ways to improve things. None of us are seasoned Commvault admins - I did a course before starting a couple of years ago, only to find that much was irrelevant as the course focused on the webGUI and Plans, while the existing setup turned out to be “old style”. I’ve also had a lot of other stuff on my plate, so there has been little time to do much self study...

So we’re taking this opportunity to build the setup from scratch. One of the areas we want to improve is protection against malicious or accidental deletion. The old setup does create aux copies to an offsite disk library, but as both primary and secondary libraries are permanently mounted via iSCSI it would be trivial to obliterate everything… an “interesting” fact here is that the previous incarnation of the setup used NetApp for storage, and SnapMirror to create offsite replicas - so in some ways the current setup was a downgrade.

Now my initial thought was to go back to the storage-based replication, and to make the replica available read-only as an “external replica”, but I am unsure if that is the best solution. We’re running dedup, and are getting roughly 4:1 ratios, so that’s not something we want to switch off - not least with respect to capacity licensing. How well does an external replica setup work with respect to the DDB though? How can the DDB and external replica be kept in sync; how to best keep an offsite copy of the DDB… and what would it look like if we did lose the Commserve/primary MA?

Our new storage does have WORM capability (Linux-based NAS), so one alternative is to use that and create the replica using the MA at the “offsite” location; this MA will also (eventually) be connected to a tape library. It is my understanding that this would eliminate DDB synchronisation issues, though the isolation of the secondary copy will rely on the WORM capability alone. I should also mention that for the new setup we will be using SMB instead of iSCSI, since iSCSI performance turned out to be quite bad compared to SMB, and Windows CacheManager would gladly cache 200GB of data and report the writes as complete, with data trickling out for several minutes before the write was *actually* completed...

Right now I’m starting to lean towards the offsite MA/WORM alternative, but I would really like some advice on pros and cons, and if there are other alternatives that should be considered. Note that this is all in an “OT” environment (“Operational Technology”), so anything requiring internet access is a no-go.

2 replies

Scott Moseman
Vaulter
Forum|alt.badge.img+23

I’m not exactly sure I understand your old or new configurations, but I do keep seeing the words replica and replication.  As a paranoid backup admin, I strongly avoid storage-level replication as an option for data protection.  Replication is for HA and maybe DR, but definitely not a solution to protect your data from attack or deletion.

You’re on the right track with WORM.  Write primary backups to storage and use Aux Copy to create an independent, secondary copy.  This second copy is where you enable WORM.  Bonus points if you use a different storage provider (remember, I’m paranoid).

Understand enabling WORM on the second copy will increase storage consumption 2-3x due to macro pruning of the data.  Alternatively you can use Commvault’s AGP (cloud) or HyperScale products which would only require the standard 1x consumption.

Thanks,
Scott
 


Forum|alt.badge.img+1
  • Author
  • Novice
  • February 18, 2026

I’m not exactly sure I understand your old or new configurations, but I do keep seeing the words replica and replication.  As a paranoid backup admin, I strongly avoid storage-level replication as an option for data protection.  Replication is for HA and maybe DR, but definitely not a solution to protect your data from attack or deletion.

In my haste I forgot to mention that the plan was to also use snapshots on the storage as additional protection against deletion, since these would be invisible to the MA, and also be replicated to the secondary site. So the replication is for protection against hardware failure, with snapshots used to have a fallback in case of (un)intentional deletion. I do realize it probably only complicates the DDB sync issue though.

As for the old and new configurations: Old configuration is simply two NAS units exporting their storage via iSCSI to the main Commserve/MA. One NAS unit is located at the secondary site, with the rest in the main datacentre. This means that we only have HW failure protection, since everything is writable from the main Commserve/MA.

The new hardware is pretty much the same, the main difference being that the new NAS systems offer WORM capability, and we’re planning for a MA at the secondary site to handle a tape library (for “proper” offline copies). With the new HW however we do not plan to mount both NAS systems R/W to the Commserve/MA, but rather have the NAS at the secondary site either get its copies of the backup data through replication (including snapshots) from the primary NAS, or mounting it as a WORM library either directly or via the same MA that will handle the tape library and use aux copy.

Understand enabling WORM on the second copy will increase storage consumption 2-3x due to macro pruning of the data.  Alternatively you can use Commvault’s AGP (cloud) or HyperScale products which would only require the standard 1x consumption.


Yes, I do realize WORM comes with the cost of additional storage consumption, though I would expect the impact to be lower if WORM retention is shorter than backup retention, right? If backup retention is 30 days for dailies, and WORM retention say, three weeks, how much would that impact storage consumption? And a thought that just occured to me: Would storage system deduplication counter some of the extra storage consumption? I guess that might also depend on the exact implementation of WORM and dedup on the storage system… 

As I mentioned, anything to do with cloud is a non-starter - this is a pretty locked-down environment as it touches on safety-critical systems for processing plants, so nothing is allowed to even think about reaching out to the internet (as such the whole ransomware threat should be mostly negated, but paranoia can be good 😎 ).

I’m not familiar with the Hyperscale products - a quick skim through the “X” variant product brief seems to indicate any cloud connection is optional, but for now we have the HW we have (though with one extra MA for handling a tape library at the secondary site in the pipeline).

My main question remains though: How is the DDB best handled to make recovery from the aux copy as quick and painless as possible?