Are standard Snapshots and Tamperproof Snapshots considered immutable?
Applies to
- ONTAP 9
- Snapshot copies
- Autonomous Ransomware Protection (ARP)
- Tamperproof Snapshot feature
Answer
- All Snapshot types (standard, ARP, and Tamperproof) are read-only:
- Data within a Snapshot cannot be edited or modified
- Data integrity is preserved when restoring from any Snapshot
- Standard Snapshot:
- Point-in-time, read-only copy of data
- Can be deleted by an administrator with sufficient privileges
- Not considered immutable due to deletion capability
- Risk exists if administrator credentials are compromised (e.g., ransomware attack)
- ARP (Autonomous Ransomware Protection) Snapshot:
- Automatically created and retained for a defined period
- Locked during retention window
- Not based on SnapLock technology
- Provides improved protection compared to standard Snapshot but still not absolute immutability
- Tamperproof Snapshot:
- Designed to prevent deletion or modification
- Based on SnapLock technology
- Provides stronger protection against administrator-level deletion
- Suitable for use cases requiring immutability-like behavior
Additional Information
Data recovery considerations:
- All Snapshot types ensure consistent data state upon restore
- No data corruption risk from Snapshot-based recovery (use snapshots before the attack)
