cancel
Showing results for 
Search instead for 
Did you mean: 

Immutable storage in Flex appliances

Dav1234
Level 5

Hello experts,

We are planning to procure new appliances and we are thinking to procure 5350 flex appliance. Before reaching out to Vendor i just want to know

1.what is immutabel storage in flex appliance.

2. How How this immutable storage protect data from Ransomware attack?

3. I heard that data which is in immutabale storage cant be modified?is that right?

3 REPLIES 3

AlexNtowGH
Level 4
Partner

Hi Dav,

  1. Immutable storage means the data on the Appliance storage cannot be changed or deleted.
  2. Since the data cannot be modified or altered, it cannot be affected by a ransomware attack. Remember the date need to be altered or modified to be ransomed
  3. Correct, data on immutable storage cannot be altered, i think it will just expire! 

The Veritas appliance has more security measure than just the immutability of storage

  1. It uses a hardened RHEL version
  2. It used Symantec datacenter security to and certificates to restrict access to the data and more

Hope this helps

 

 

Hello ALex,

Data cannot be altered on immutable storage but it can be corrupt by ransomware attack? right

Further, how to configure immutable storage on existing configured appliance and is it feasible to migrate data from normal configured storage to immutable storage

paulantok
Level 4
Partner Accredited Certified

There is two lock down  modes :

WORM storage supports the following retention period modes:

 

flex Appliance lockdown mode offers additional security levels to protect your data. You can use lockdown mode to create WORM storage instances that prevent your data from being encrypted, modified, or deleted.

WORM is the acronym for Write Once Read Many. Any data that is saved on these instances is protected with the following security measures:

  • Immutability

    This protection ensures that the backup image is read-only and cannot be modified, corrupted, or encrypted after backup.

  • Indelibility

    This property protects the backup image from being deleted before it expires. The data is protected from malicious deletion.

Flex Appliance includes the following lockdown modes:

  • Normal mode

    This mode is the default mode of the appliance. Normal mode does not support WORM storage.

  • Enterprise mode

    This mode adds additional access restrictions but retains a level of flexibility. In this mode:

    • You can create WORM storage instances and also delete them, including any existing data.

    • Any administrator can delete WORM storage instances if there is no immutable data. However, only the default admin user can delete them if immutable data is present.

    • When you delete a WORM storage instance as the default admin user, the instance can be running or stopped. When you delete a WORM instance as any other user, the instance must be running so that the system can verify that there is no immutable data present.

    • To change from enterprise mode to normal mode, you must first delete all WORM storage instances.

  • Compliance mode

    This mode adds the highest level of access restrictions. In this mode:

    • You can create WORM storage instances. You can delete the instances only if there is no immutable data present.

    • Any administrator can delete WORM storage instances if there is no immutable data.

    • When you delete a WORM storage instance, the instance must be running so that the system can verify that there is no immutable data present.

    • To change from compliance mode to enterprise mode or normal mode, you must first expire all data on the WORM storage instances, and then delete the instances.

In both enterprise mode and compliance mode, storage reset is disabled.

Warning:

Lockdown mode does not block access to the remote management (IPMI) port. Veritas recommends that you set up your network to restrict access and only allow security administrators or the users that manage the physical hardware to use the port.

 

The appliance must be in lockdown mode before you can create WORM storage instances. See Changing the lockdown mode.

Please check below url for more details

https://www.veritas.com/support/en_US/doc/25074086-143197427-0/v143250065-143197427

Second Question

If you have free space in existing storage probably you can resize and recreate worm instance with enabled the lock down mode either Enterprise mode or compliance mode depending upon you requirement

Another option is if you have another media server you can duplicate current images the expire and reconfigure