SnapCenter and Tamperproof Snapshots

Tamperproof snapshots was first supported in the SnapCenter 5.0 release. See the SnapCenter 5.0 Release Notes from March 08, 2024: SnapCenter Software 5.0 Release Notes

SnapCenter Software 5.0 Release Notes

If you search for "Tamperproof" or "TPS", you won't find anything. Searching for "SnapLock":


What’s new in SnapCenter Software 5.0
- Support for SnapLock

New or changed PowerShell cmdlets

  • Cmdlet:
    • Refresh-SM
      • What has changed:
        • New cmdlet
  • Cmdlet:
    • Add-SmPolicy
      • What has changed:
        • The following parameters are included:
          • SnapLockRetentionPeriod
          • SnapLockRetentionPeriodType
          • PluginPolicyType UnixFileSystems
  • Cmdlet:
    • Set-SmPolicy
      • What has changed:
        • The following parameters are included:
          • SnapLockRetentionPeriod
          • SnapLockRetentionPeriodType
          • PluginPolicyType UnixFileSystems

Limitations related to SnapLock feature
When you perform delete resource group, delete retention, detach policy while deleting backups, and remove host operations on a resource group that has resources on different storage (snaplock storage and non-snaplock storage), backups on non-snaplock storage are not removed by the SnapCenter Server. You should manually delete the backup from storage.
It is recommended to segregate snaplock and non-snaplock databases into different resource groups.

SnapCenter Software 6.0 and 6.0.1 Release Notes

Nothing additional to the above.

Other Documentation and Comments


[Appendix: A] SCV: AFF retention is controlled by date because it is managed by SCV with “delete after X days”. But the Vault copy is based upon count, and an inexperienced admin could accidently delete months of Vault snapshots by running multiple backups on one day. Tamperproof snapshots could prevent that.

[Appendix: B] Tamperproof snapshot does not offer the choice of Compliance and Enterprise. Mode in which it operates is more like Compliance mode except for disk level protection.


[Appendix: D] Other Notes on TPS:
  • Compliance clock. Make sure the time is correct - we cannot roll it back.
  • Testing: Keep snapshot copy deletion expiration period low during testing (so it can be changed easily if required).
  • Flexgroup volume can only be deleted if the root constituent volume expiry has passed.
  • SnapCenter and TPS had limited supported scenarios i.e. primary only (may have changed in 6.0.1+).

Comments