Modify options for automatic Snapshot copies
Beginning with ONTAP 9.11.1, you can control the number and retention period for anti-ransomware (ARW) Snapshot copies that are automatically generated in response to suspected ransomware attacks.
Note: The vserver options
command is a hidden command. To view the man page, enter man vserver options
at the ONTAP CLI.
The following options for automatic Snapshot copies can be modified:
- arw.snap.max.count
-
Specifies the maximum number of ARW Snapshot copies that can exist in a volume at any given time. Older copies are deleted to ensure that the total number of ARW Snapshot copies are within this specified limit.
- arw.snap.create.interval.hours
-
Specifies the interval (in hours) between ARW Snapshot copies. A new Snapshot copy will be created when an attack is suspected and the copy created previously is older than this specified interval.
- arw.snap.normal.retain.interval.hours
-
Specifies the duration (in hours) for which an ARW Snapshot copy is retained. When an ARW Snapshot copy becomes this old, any other ARW Snapshot copy created before the latest copy to reach this age is deleted. No ARW Snapshot copy can be older than this duration.
- arw.snap.max.retain.interval.days
-
Specifies the maximum duration (in days) for which an ARW Snapshot copy can be retained. Any ARW Snapshot copy older than this duration will be deleted if there is no attack reported on the volume.
- arw.snap.create.interval.hours.post.max.count
-
Specifies the interval (in hours) between ARW Snapshot copies when the volume already contains the maximum number of ARW Snapshot copies. When the maximum number is reached, an ARW Snapshot copy is deleted to make room for a new copy. The new ARW Snapshot copy creation speed can be reduced to retain the older copy using this option. If the volume already contains maximum number of ARW Snapshot copies, then this interval specified in this option is used for next ARW Snapshot copy creation, instead of arw.snap.create.interval.hours.
- arw.surge.snap.interval.days
-
Specifies the interval (in days) between ARW surge Snapshot copies. A new ARW Snapshot surge copy is created when there is a surge in IO traffic and the last created ARW Snapshot copy is older than this specified interval. This option also specifies the duration (in days) for which an ARW surge Snapshot copy is retained.
CLI procedure
To show all current ARW Snapshot copy settings, enter:
vserver options -vserver svm_name arw*
To show selected current ARW Snapshot copy settings, enter:
vserver options -vserver svm_name -option-name arw_setting_name
To modify ARW Snapshot copy settings, enter:
vserver options -vserver svm_name -option-name arw_setting_name -option-value arw_setting_value