Release notes
Modify options for automatic Snapshot copies
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.11.1, you can use the CLI to control the retention settings for Autonomous Ransomware Protection (ARP) Snapshot copies that are automatically generated in response to suspected ransomware attacks.
You can only modify ARP Snapshots options on a node SVM.
-
To show all current ARP Snapshot copy settings, enter:
vserver options -vserver svm_name arw*
The vserver optionscommand is a hidden command. To view the man page, enterman vserver optionsat the ONTAP CLI. -
To show selected current ARP Snapshot copy settings, enter:
vserver options -vserver svm_name -option-name arw_setting_name -
To modify ARP Snapshot copy settings, enter:
vserver options -vserver svm_name -option-name arw_setting_name -option-value arw_setting_valueThe following settings are modifiable:
ARW setting Description arw.snap.max.countSpecifies the maximum number of ARP Snapshot copies that can exist in a volume at any given time. Older copies are deleted to ensure that the total number of ARP Snapshot copies are within this specified limit.
The-option-valueparameter accepts integers between 3 and 8, inclusive. The default value is 6.arw.snap.create.interval.hoursSpecifies the interval in hours between ARP Snapshot copies. A new ARP Snapshot copy is created when an data entropy-based attack is suspected and the most recently created ARP Snapshot copy is older than the specified interval.
The-option-valueparameter accepts integers between 1 and 48, inclusive. The default value is 4.arw.snap.normal.retain.interval.hoursSpecifies the duration in hours for which an ARP Snapshot copy is retained. When an ARP Snapshot copy reaches the retention threshold, any other ARP Snapshots copy created before it is deleted. No more than one ARP Snapshot copy older than the retention threshold can exist.
The-option-valueparameter accepts integers between 4 and 96, inclusive. The default value is 48.arw.snap.max.retain.interval.daysSpecifies the maximum duration in days for which an ARP Snapshot copy can be retained. Any ARP Snapshot copy older than this duration is deleted when there is no attack reported on the volume.
The maximum retention interval for ARP Snapshot copies is ignored if a moderate threat is detected. The ARP Snapshot copy created in response to the threat is retained until you have responded to the threat. Marking a threat as a false positive delete the ARP Snapshot copies on the volume.
The-option-valueparameter accepts integers between 1 and 365, inclusive. The default value is 5.arw.snap.create.interval.hours.post.max.countSpecifies the interval in hours between ARP Snapshot copies when the volume already contains the maximum number of ARP Snapshot copies. When the maximum number is reached, an ARP Snapshot copy is deleted to make room for a new copy. The new ARP Snapshot copy creation speed can be reduced to retain the older copy using this option. If the volume already contains the maximum number of ARP Snapshot copies, the interval specified in this option is used for next ARP Snapshot copy creation, instead of
arw.snap.create.interval.hours.
The-option-valueparameter accepts integers between 4 and 48, inclusive. The default value is 8.arw.surge.snap.interval.daysSpecifies the interval in days between ARP Snapshot copies created in response to IO surges. ONTAP creates an ARP Snapshot surge copy when there's a surge in IO traffic and the last created ARP Snapshot copy is older than this specified interval. This option also specifies retention period in day for an ARP surge Snapshot copies.
The-option-valueparameter accepts integers between 1 and 365, inclusive. The default value is 5.arw.snap.new.extns.interval.hoursThis option specifies the interval in hours between the ARP Snapshot copies created when a new file extension is detected. A new ARP Snapshot copy is created when
a new file extension is observed; the previous Snapshot created upon observing a new file extension is older than this specified interval. On a workload that frequently creates new file extensions, this interval helps in controlling the frequency of the ARP Snapshot copies. This option exists independent ofarw.snap.create.interval.hours, which specifies the interval for data entropy-based ARP Snapshot copies.
The-option-valueparameter accepts integers between 24 and 8760. The default value is 48.