How does the "retention period" parameter in an ONTAP 9 SnapMirror policy rule work?

Applies to

• ONTAP 9.11.1 and later
• SnapMirror
• DataLock / Immutable Cloud Snapshots
• SnapLock Tamperproof Snapshots

Answer

There are two solutions that utilize the retention-period parameter in a SnapMirror Policy rule:

1. DataLock / Immutable Cloud Snapshots in "vault" type SnapMirror Policies in ONTAP 9.11.1 and later

• In ONTAP 9.11.1 and later, the retention-period parameter is used in "vault" type SnapMirror Policy rules by BlueXP Cloud Backup for use with DataLock
• DataLock allows Snapshots backed up to the destination object-store to be locked from deletion or modification for a certain period of time
• When used for DataLock, the retention-period parameter should never be modified manually
• DataLock and its associated settings should always be configured through BlueXP or another licensed partner's backup application
• For more details, see DataLock and Ransomware protection

2. SnapLock tamperproof Snapshots in "mirror-vault" type SnapMirror Policies in ONTAP 9.12.1 and later

• In ONTAP 9.12.1 and later, The retention-period parameter in a SnapMirror Policy rule is used with the SnapLock Tamperproof Snapshots feature 
• This parameter is seen when running snapmirror policy show -instance and when adding or modifying SnapMirror Policy rules with snapmirror policy add-rule and snapmirror policy modify-rule for mirror-vault type SnapMirror Policies (Unified Replication)
  • This parameter is not supported for other SnapMirror policy types for use with SnapLock Tamperprood Snapshots

ClusterA::> snapmirror policy show -policy MirrorAndVault -instance

                      Vserver: ClusterA
       SnapMirror Policy Name: MirrorAndVault
       SnapMirror Policy Type: mirror-vault
                 Policy Owner: cluster-admin
                  Tries Limit: 8
            Transfer Priority: normal
    Ignore accesstime Enabled: false
      Transfer Restartability: always
  Network Compression Enabled: false
              Create Snapshot: true
                      Comment: A unified Asynchronous SnapMirror and SnapVault policy for mirroring the latest active file system and daily and weekly Snapshot copies.
        Total Number of Rules: 3
                   Total Keep: 60
       Transfer Schedule Name: -
                     Throttle: unlimited

 Rules:
 SnapMirror Label       Keep Preserve Warn Schedule Prefix     Retention Period
 ---------------------- ---- -------- ---- -------- ---------- ----------------
 sm_created                1 false       0 -        -                         -
 daily                     7 false       0 -        -                         -
 weekly                   52 false       0 -        -                         -

• When configuring a mirror-vault type SnapMirror Policy (Unified Replication), this parameter controls how long Snapshots backed up by the SnapMirror relationship are retained and protected against ransomware and malicious admins
• Snapshots with a retention period cannot be deleted by any means until the retention period is met; there are no backdoors
• Retention period takes precedence over the Snapshot's keep value in the SnapMirror Policy
• For async-mirror type SnapMirror Policies, the retention period of a Snapshot is the same as that of the source-side Snapshot's retention period

Additional Information

• For more information about DataLock, see DataLock and Ransomware protection
• For more information about SnapLock Tamperproof Snapshots, see Tamperproof Snapshot copy locking overview