Tamperproof snapshots was first supported in the SnapCenter 5.0 release. See the SnapCenter 5.0 Release Notes from March 08, 2024: SnapCenter Software 5.0 Release Notes
SnapCenter Software 5.0 Release Notes
If you search for "Tamperproof" or "TPS", you won't find anything. Searching for "SnapLock":
What’s new in SnapCenter Software 5.0
- Support for SnapLock
New or changed PowerShell cmdlets
- Cmdlet:
- Refresh-SM
- What has changed:
- New cmdlet
- Cmdlet:
- Add-SmPolicy
- What has changed:
- The following parameters are included:
- SnapLockRetentionPeriod
- SnapLockRetentionPeriodType
- PluginPolicyType UnixFileSystems
- Cmdlet:
- Set-SmPolicy
- What has changed:
- The following parameters are included:
- SnapLockRetentionPeriod
- SnapLockRetentionPeriodType
- PluginPolicyType UnixFileSystems
Limitations related to SnapLock feature
SnapCenter Software 6.0 and 6.0.1 Release Notes
Nothing additional to the above.
Other Documentation and Comments
- SnapCenter Software documentation
- Securing Microsoft SQL Server on ONTAP
- Lock a Snapshot copy for protection against ransomware attacks
- SnapLock and tamperproof snapshot copies for ransomware protection
- Snapshot copy locking
- When does ONTAP delete Tamperproof Snapshot? - NetApp Knowledge Base
- The tamperproof snapshot is auto-deleted when the next scheduled snapshot is generated after the retention period ends.
- Veeam-created FlexClones accumulate on volumes with Tamperproof snapshots enabled - NetApp Knowledge Base
- SnapMirror Snapshots build up after activating Tamperproof Snapshots in a Cascade - NetApp Knowledge Base
- Setting up Tamperproof or Snapshot locking fails for FabricPool volumes - NetApp Knowledge Base
- Snapshot Locking is not supported for FabricPool volumes
- Can anti-ransomware and tamperproof be enabled at the same time? - NetApp Knowledge Base
Note: Tamperproof snapshot does not offer the choice of Compliance and Enterprise. Mode in which it operates is more like Compliance mode except for disk level protection.
https://docs.netapp.com/us-en/ontap/snaplock/snapshot-lock-concept.html <~~ lists unsupported features
- Compliance clock. Make sure the time is correct - we cannot roll it back.
- Testing: Keep snapshot copy deletion expiration period low during testing (so it can be changed easily if required).
- Flexgroup volume can only be deleted if the root constituent volume expiry has passed.
- SnapCenter and TPS had limited supported scenarios i.e. primary only (may have changed in 6.0.1+).
Comments
Post a Comment