You can activate write once, read many (WORM) storage on a Cloud Volumes ONTAP system to retain files in unmodified form for a specified retention period. Cloud WORM storage is powered by SnapLock technology, which means WORM files are protected at the file level.
How WORM storage works
Once a file has been committed to WORM storage, it can’t be modified, even after the retention period has expired. A tamper-proof clock determines when the retention period for a WORM file has elapsed.
After the retention period has elapsed, you are responsible for deleting any files that you no longer need.
Activating WORM storage
How you activate WORM storage depends on the Cloud Volumes ONTAP version that you’re using.
Version 9.10.1 and later
Starting with Cloud Volumes ONTAP 9.10.1, you have the option to enable or disable WORM at the volume level.
When you create a new Cloud Volumes ONTAP working environment, you’re prompted to enable or disable WORM storage:
If you enable WORM storage when creating a working environment, every volume that you create from BlueXP has WORM enabled. But you can use System Manager or the CLI to create volumes that have WORM disabled.
If you disable WORM storage when creating a working environment, every volume that you create from BlueXP, System Manager, or the CLI has WORM disabled. If you want to enable WORM on a Cloud Volumes ONTAP working environment that was not enabled during creation, you must create a support ticket with NetApp support for assistance.
With either option, you should understand how charging works.
Version 9.10.0 and earlier
You can activate WORM storage on a Cloud Volumes ONTAP system when you create a new working environment. Every volume that you create from BlueXP has WORM enabled. You can’t disable WORM storage on individual volumes.
Charging for WORM storage is hourly, according to the total provisioned capacity of WORM volumes.
You should understand the following charging behavior with Cloud Volumes ONTAP 9.10.1 and later:
Beginning with ONTAP 9.10.1, WORM volumes and non-WORM volumes can exist on the same aggregate.
If you enable WORM when you create a Cloud Volumes ONTAP working environment, every volume that you create from BlueXP has WORM enabled. However, you can use the ONTAP CLI or System Manager to create volumes that have WORM disabled. Those volumes are not charged at the WORM rate.
If you don’t enable WORM when you create a working environment, every volume that you create from BlueXP has WORM disabled. You are not charged at the WORM rate for those volumes.
Committing files to WORM
You can use an application to commit files to WORM over NFS or CIFS, or use the ONTAP CLI to autocommit files to WORM automatically. You can also use a WORM appendable file to retain data that is written incrementally, like log information.
After you activate WORM storage on a Cloud Volumes ONTAP system, you must use the ONTAP CLI for all management of WORM storage. For instructions, refer to ONTAP documentation.
WORM and data tiering
When you create a new Cloud Volumes ONTAP 9.8 system or later, you can enable both data tiering and WORM storage together. Enabling data tiering with WORM storage allows you to tier the data to an object store in the cloud.
You should understand the following about enabling both data tiering and WORM storage:
Data that is tiered to object storage doesn’t include the ONTAP WORM functionality. To ensure end-to-end WORM capability, you’ll need to set up the bucket permissions correctly.
The data that is tiered to object storage doesn’t carry the WORM functionality, which means technically anyone with full access to buckets and containers can go and delete the objects tiered by ONTAP.
Reverting or downgrading to Cloud Volumes ONTAP 9.8 is blocked after enabling WORM and tiering.
WORM storage in Cloud Volumes ONTAP operates under a "trusted storage administrator" model. While WORM files are protected from alteration or modification, volumes can be deleted by a cluster administrator even if those volumes contain unexpired WORM data.
In addition to the trusted storage administrator model, WORM storage in Cloud Volumes ONTAP also implicitly operates under a "trusted cloud administrator" model. A cloud administrator could delete WORM data before its expiry date by removing or editing cloud storage directly from the cloud provider.