SnapLock feature in ONTAP 9
What is SnapLock?
SnapLock was introduced to clustered Data ONTAP with the ONTAP 9 release. It is a high-performance compliance solution that provides data retention and WORM (write once, read many) protection for retained data. SnapLock creates non-modifiable, non-erasable volumes so that files cannot be altered or deleted until a set retention date. It provides file-level retention for CIFS and NFS.
How to enable this feature?
It is a license-based feature with 2 flavors: Enterprise and Compliance.
- SnapLock Compliance (SLC) implements strict regulatory requirements for data retention, such as SEC 17a-4. Volumes committed to SnapLock Compliance cannot be altered or modified, and can be deleted only after the retention period has passed and the data has been deleted by the archival application.
- SnapLock Enterprise (SLE) implements best-practice guidelines for protecting digital assets with WORM-type data storage. Data stored on a SnapLock Enterprise volume cannot be altered or modified, but it is not held to strict regulatory compliance: an administrator with root privileges on the storage system that hosts the SnapLock Enterprise volume can destroy the data before the end of the retention period.
| |SnapLock Compliance|SnapLock Enterprise|
|---|---|---|
|Destroy SnapLock aggregate and volume during retention period|No|Yes|
|Rename an aggregate or volume|No|Yes|
|Non-NetApp disk support|No|Yes (with FlexArray Virtualization)|
|Use SnapLock volume for audit logging|Yes|No|
|Single file snap restore|No|Yes|
How is the retention period determined?
SnapLock relies on the ComplianceClock service in clustered Data ONTAP, which is a software-based, tamper-resistant clock. The ComplianceClock can be initialized only once by the administrator, after which it operates based on hardware ticks. Once it is initialized, the administrator cannot perform any action that would cause a forward adjustment. This ensures that the retention period of WORM files can never be shortened by adjusting the reference clock forward.
There are 2 types of ComplianceClocks:
System ComplianceClock (SCC) is maintained per node. ComplianceClock can be initialized only once per node.
Volume ComplianceClock (VCC) is the individual ComplianceClock for each SnapLock volume. All retention decisions related to data in a particular SnapLock volume are taken based on the VCC of that volume. The VCCs of all SnapLock volumes run independently of each other. The VCC is initialized when the SnapLock volume is created; it takes its initial value from the SCC and can never be altered. The SCC therefore needs to be initialized before SnapLock volumes are created.
What are the values available for retention period?
Each SnapLock volume can have its own retention period. ONTAP 9 enforces retention until the retention period ends. After the retention period, records can be deleted but not modified. ONTAP 9 does not automatically delete any record; all records must be deleted manually or by an application. The retention period is calculated based on the VCC. You can extend the retention period to a future date or to infinite, but never decrease it. An SLC or SLE volume has 3 retention periods: minimum retention period, maximum retention period, and default retention period.
Snaplock-minimum-period: A file is committed with at least this much retention period on a SnapLock volume. The administrator can increase it at any time. However, changing this value will not affect the retention period of existing WORM files. The default value of snaplock-minimum-period for SLE and SLC is 0 years.
Snaplock-maximum-period: Limits the maximum retention period that can be set while committing files to WORM state. When a user extends the retention period of a WORM file, this value is ignored. Changing the value will not affect the retention periods of existing WORM files. The default value of snaplock-maximum-period for SLE and SLC is 30 years.
Snaplock-default-period: The default retention period is used to compute the retention time when a file is committed to WORM without an explicitly set retention time. There are 2 ways to specify the retention time of a WORM file:
- Use an NFS/CIFS setattr operation to set the file atime.
- If the retention time (file atime) is not set before the file is committed to WORM, SnapLock uses the volume's snaplock-default-period to set the retention time.
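The retention rules above, modelled as a short Python sketch. This is an added example, not ONTAP code: the class and method names are hypothetical, the default period shown is a constructed value, and clamping an out-of-range atime to the minimum or maximum at commit time is an assumption about how the limits are applied.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

YEAR = timedelta(days=365)  # simplification: fixed-length year


@dataclass
class SnapLockVolumeModel:
    """Toy model of one SnapLock volume's retention settings (hypothetical names)."""
    minimum_period: timedelta = 0 * YEAR   # default stated on the page: 0 years
    maximum_period: timedelta = 30 * YEAR  # default stated on the page: 30 years
    default_period: timedelta = 1 * YEAR   # constructed value for this example

    def commit(self, vcc_now: datetime, atime: Optional[datetime]) -> datetime:
        """Retention time a file receives at commit, measured against the VCC."""
        if atime is None:
            # No atime set before commit: fall back to the default period.
            atime = vcc_now + self.default_period
        earliest = vcc_now + self.minimum_period
        latest = vcc_now + self.maximum_period
        # Assumption: values outside [minimum, maximum] are clamped.
        return min(max(atime, earliest), latest)

    @staticmethod
    def extend(current: datetime, requested: datetime) -> datetime:
        """Extension ignores the maximum period but can never shorten retention."""
        if requested < current:
            raise ValueError("retention can be extended, never decreased")
        return requested

    @staticmethod
    def may_delete(vcc_now: datetime, retention: datetime) -> bool:
        """A record may be deleted only once the VCC has passed its retention time."""
        return vcc_now >= retention


if __name__ == "__main__":
    vol = SnapLockVolumeModel(minimum_period=1 * YEAR, maximum_period=5 * YEAR)
    vcc = datetime(2024, 1, 1)  # constructed VCC reading
    kept_until = vol.commit(vcc, atime=vcc + 40 * YEAR)  # capped at 5 years
    print("committed until:", kept_until)
    print("extended until:", vol.extend(kept_until, vcc + 40 * YEAR))
    print("deletable now:", vol.may_delete(vcc, kept_until))
```

Changing the volume's minimum or maximum after a commit does not touch a retention time already returned by `commit`, which matches the statement that existing WORM files are unaffected.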
What are some other features of SnapLock?
- Autocommit: The SnapLock autocommit feature automatically commits a file to WORM state if the file is not changed during the specified autocommit period. It is set at the volume level. If the SnapLock volume goes offline or into the restricted state, this feature is disabled. It is enabled automatically when the volume comes online again.
- Privilege delete is only available with SLE volumes, and it allows a privileged user to delete a file before it reaches the end of its retention period. This feature needs the SnapLock audit log to be configured. The deletion is logged in an audit file on the SLC log volume for tracking purposes.
- WORM appendable file: The WORM append feature allows one to create a WORM file and append data to it. The data is added in chunks of 256K, and this size cannot be changed.
- File fingerprint captures file-related metadata and calculates a hash digest over the file's data and metadata using a standard hash algorithm such as MD5 or SHA-256. This enables users to verify the integrity of the file. SnapLock does not store any file fingerprint data on disk; the fingerprint is exported externally using the ONTAP CLI or ZAPI.
- Committing files to WORM: You can use an application to commit files to WORM over NFS or CIFS, or use the SnapLock autocommit feature. Use a WORM appendable file to retain data that is written incrementally, such as log information or file metadata.
- Data protection: You can use SnapLock for SnapVault to WORM-protect snapshot copies on secondary storage. You can use SnapMirror to replicate WORM files to another location for disaster recovery.
Note: In ONTAP 9.5 and later, either a SnapLock Enterprise volume or a SnapLock Compliance volume can be used for audit logging.