Using object storage as a backup target
Post Reply
gnehzis
Novice
Posts: 4
Liked: 2 times
Joined: May 25, 2021 7:21 am
Full Name: Jack Wang
Contact:

Immutability for Capacity Tier

Post by gnehzis »

Would like to understand more regarding Immutability for Capacity Tier.
Understand that object lock prohibits deletion of data from the capacity extent until the immutability expiration date comes.
And we are unable to delete the backup job in Veeam during the immutability period.

The question, is it possible to delete the data directly from the object storage natively during the immutability period?
i.e, access the data using S3 browser app or login the object storage to delete the data

Mildur
Veeam Legend
Posts: 1672
Liked: 673 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: St. Gallen, Switzerland
Contact:

Re: Immutability for Capacity Tier

Post by Mildur » 1 person likes this post

The question, is it possible to delete the data directly from the object storage natively during the immutability period?
Definitely not. The sole purpose with object lock feature is to prevent that. If the object lock/immutable flag is developed correctly by your S3 Vendor/Service Provider, he and you will not be able to delete the offloaded objects. If that would be possible, any certification for WORM functionality would be meaningless.

You can delete your backup job, but you cant delete your Restore Points.

The only thing that should works, is to take a hammer and smash the harddrives in the object storage. All of them.
Physical damage :)
VMCE 2021 | Veeam Legends 2021
Working with Veeam since 2017 for a VCSP in Switzerland

Gostev
SVP, Product Management
Posts: 29090
Liked: 5356 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Immutability for Capacity Tier

Post by Gostev »

Most S3 object storage vendors provide two locking modes called Governance and Compliance.

When using the Governance mode for locking, "root" account can still delete the locked data the way you explained.
Veeam uses the Compliance mode though, which prevents locked data deletion by anyone at all.

Post Reply

Who is online

Users browsing this forum: No registered users and 8 guests