You can activate write once, read many (WORM) storage on a Cloud Volumes ONTAP system to retain files in unmodified form for a specified retention period. Cloud WORM storage is powered by SnapLock technology, which means WORM files are protected at the file level.
Once a file has been committed to WORM storage, it can’t be modified, even after the retention period has expired. A tamper-proof clock determines when the retention period for a WORM file has elapsed.
After the retention period has elapsed, you are responsible for deleting any files that you no longer need.
Activating WORM storage
You can activate WORM storage on a Cloud Volumes ONTAP system when you create a new working environment. This includes setting the default retention period for files.
|You can’t activate WORM storage on individual volumes—WORM must be activated at the system level.|
The following image shows how to activate WORM storage when creating a working environment:
Committing files to WORM
You can use an application to commit files to WORM over NFS or CIFS, or use the ONTAP CLI to autocommit files to WORM automatically. You can also use a WORM appendable file to retain data that is written incrementally, like log information.
After you activate WORM storage on a Cloud Volumes ONTAP system, you must use the ONTAP CLI for all management of WORM storage. For instructions, refer to ONTAP documentation.
WORM storage in Cloud Volumes ONTAP operates under a "trusted storage administrator" model. While WORM files are protected from alteration or modification, volumes can be deleted by a cluster administrator even if those volumes contain unexpired WORM data.
In addition to the trusted storage administrator model, WORM storage in Cloud Volumes ONTAP also implicitly operates under a "trusted cloud administrator" model. A cloud administrator could delete WORM data before its expiry date by removing or editing cloud storage directly from the cloud provider.
When WORM storage is activated, data tiering to object storage can’t be enabled.
Cloud Backup Service must be disabled in order to enable WORM storage.