WORM storage
You can activate write once, read many (WORM) storage on a Cloud Volumes ONTAP system to retain files in unmodified form for a specified retention period. Cloud WORM storage is powered by SnapLock technology, which means WORM files are protected at the file level.
The WORM feature is available for use with bring your own license (BYOL) and marketplace subscriptions for your licenses at no additional cost. Contact your NetApp sales representative to add WORM to your current license.
How WORM storage works
Once a file has been committed to WORM storage, it can't be modified, even after the retention period has expired. A tamper-proof clock determines when the retention period for a WORM file has elapsed.
After the retention period has elapsed, you are responsible for deleting any files that you no longer need.
Activating WORM storage
How you activate WORM storage depends on the Cloud Volumes ONTAP version that you're using.
Version 9.10.1 and later
Beginning with Cloud Volumes ONTAP 9.10.1, you have the option to enable or disable WORM at the volume level.
When you create a new Cloud Volumes ONTAP working environment, you're prompted to enable or disable WORM storage:
-
If you enable WORM storage when creating a working environment, every volume that you create from BlueXP has WORM enabled. But you can use ONTAP System Manager or the ONTAP CLI to create volumes that have WORM disabled.
-
If you disable WORM storage when creating a working environment, every volume that you create from BlueXP, ONTAP System Manager, or the ONTAP CLI has WORM disabled.
Version 9.10.0 and earlier
You can activate WORM storage on a Cloud Volumes ONTAP system when you create a new working environment. Every volume that you create from BlueXP has WORM enabled. You can't disable WORM storage on individual volumes.
Committing files to WORM
You can use an application to commit files to WORM over NFS or CIFS, or use the ONTAP CLI to autocommit files to WORM automatically. You can also use a WORM appendable file to retain data that is written incrementally, like log information.
After you activate WORM storage on a Cloud Volumes ONTAP system, you must use the ONTAP CLI for all management of WORM storage. For instructions, refer to ONTAP documentation.
Enabling WORM on a Cloud Volumes ONTAP working environment
You can enable WORM storage when creating a Cloud Volumes ONTAP working environment on BlueXP. You can also enable WORM on a working environment if WORM is not enabled on it during creation. After you enable it, you cannot disable WORM.
-
WORM is supported on ONTAP 9.10.1 and later.
-
WORM with backup is supported on ONTAP 9.11.1 and later.
-
On the Canvas page, double-click the name of the working environment on which you want to enable WORM.
-
On the Overview tab, click the Features panel and then click the pencil icon next to WORM.
If WORM is already enabled on the system, the pencil icon is disabled.
-
On the WORM page, set the retention period for the cluster Compliance Clock.
For more information, refer to ONTAP documentation: Initialize the Compliance Clock.
-
Click Set.
You can verify the status of WORM on the Features panel.
After WORM is enabled, the SnapLock license is automatically installed on the cluster. You can view the SnapLock license on ONTAP System Manager.
Deleting WORM files
You can delete WORM files during the retention period using the privileged delete feature.
For instructions, refer to ONTAP documentation.
WORM and data tiering
When you create a new Cloud Volumes ONTAP 9.8 system or later, you can enable both data tiering and WORM storage together. Enabling data tiering with WORM storage allows you to tier the data to an object store in the cloud.
You should understand the following about enabling both data tiering and WORM storage:
-
Data that is tiered to object storage doesn't include the ONTAP WORM functionality. To ensure end-to-end WORM capability, you'll need to set up the bucket permissions correctly.
-
The data that is tiered to object storage doesn't carry the WORM functionality, which means technically anyone with full access to buckets and containers can go and delete the objects tiered by ONTAP.
-
Reverting or downgrading to Cloud Volumes ONTAP 9.8 is blocked after enabling WORM and tiering.
Limitations
-
WORM storage in Cloud Volumes ONTAP operates under a "trusted storage administrator" model. While WORM files are protected from alteration or modification, volumes can be deleted by a cluster administrator even if those volumes contain unexpired WORM data.
-
In addition to the trusted storage administrator model, WORM storage in Cloud Volumes ONTAP also implicitly operates under a "trusted cloud administrator" model. A cloud administrator could delete WORM data before its expiry date by removing or editing cloud storage directly from the cloud provider.