Modify options for automatic Snapshot copies

Contributors netapp-forry

Beginning with ONTAP 9.11.1, you can control the number and retention period for anti-ransomware (ARW) Snapshot copies that are automatically generated in response to suspected ransomware attacks.

Note: The vserver options command is a hidden command. To view the man page, enter man vserver options at the ONTAP CLI.

The following options for automatic Snapshot copies can be modified:

arw.snap.max.count

Specifies the maximum number of ARW Snapshot copies that can exist in a volume at any given time. Older copies are deleted to ensure that the total number of ARW Snapshot copies are within this specified limit.

arw.snap.create.interval.hours

Specifies the interval (in hours) between ARW Snapshot copies. A new Snapshot copy will be created when an attack is suspected and the copy created previously is older than this specified interval.

arw.snap.normal.retain.interval.hours

Specifies the duration (in hours) for which an ARW Snapshot copy is retained. When an ARW Snapshot copy becomes this old, any other ARW Snapshot copy created before the latest copy to reach this age is deleted. No ARW Snapshot copy can be older than this duration.

arw.snap.max.retain.interval.days

Specifies the maximum duration (in days) for which an ARW Snapshot copy can be retained. Any ARW Snapshot copy older than this duration will be deleted if there is no attack reported on the volume.

arw.snap.create.interval.hours.post.max.count

Specifies the interval (in hours) between ARW Snapshot copies when the volume already contains the maximum number of ARW Snapshot copies. When the maximum number is reached, an ARW Snapshot copy is deleted to make room for a new copy. The new ARW Snapshot copy creation speed can be reduced to retain the older copy using this option. If the volume already contains maximum number of ARW Snapshot copies, then this interval specified in this option is used for next ARW Snapshot copy creation, instead of arw.snap.create.interval.hours.

arw.surge.snap.interval.days

Specifies the interval (in days) between ARW surge Snapshot copies. A new ARW Snapshot surge copy is created when there is a surge in IO traffic and the last created ARW Snapshot copy is older than this specified interval. This option also specifies the duration (in days) for which an ARW surge Snapshot copy is retained.

CLI procedure

To show all current ARW Snapshot copy settings, enter:
vserver options -vserver svm_name arw*

To show selected current ARW Snapshot copy settings, enter:
vserver options -vserver svm_name -option-name arw_setting_name

To modify ARW Snapshot copy settings, enter:
vserver options -vserver svm_name -option-name arw_setting_name -option-value arw_setting_value