Committing files to WORM state - FSx for ONTAP
Committing files to WORM state

This section discusses how you can transition your files to a write once, read many (WORM) state. It also discusses volume-append mode, which is a way to write data incrementally to WORM-protected files.

Autocommit

You can use autocommit to transition files to WORM if they haven't been modified for a period of time that you specify. You can turn on autocommit with the Amazon FSx console, the Amazon CLI, the Amazon FSx API, and the ONTAP CLI and REST API.

You can specify an autocommit period between five minutes and 10 years. The following table lists the specific ranges that are supported.

Unit       Value
Minutes    5 - 65,535
Hours      1 - 65,535
Days       1 - 3,650
Months     1 - 120
Years      1 - 10

To turn on autocommit with the Amazon FSx API, use the AutocommitPeriod parameter in CreateSnaplockConfiguration.

The following procedure explains how to turn on autocommit on the Amazon FSx console.

To turn on autocommit on the Amazon FSx console
  1. Open the Amazon FSx console at https://console.amazonaws.cn/fsx/.

  2. Follow the procedure for creating a new volume in Creating volumes.

  3. In the Advanced section, for SnapLock Configuration, choose Enabled.

    Select the check box to acknowledge the warning about enabling SnapLock on the volume.

  4. For Autocommit, choose Enabled.

  5. For Autocommit period, enter a value and choose a corresponding Autocommit unit.

    You can specify a value between 5 minutes and 10 years.

  6. Follow the rest of the procedure for creating a new volume in Creating volumes.

  7. Choose Confirm to create the volume.

Volume-append mode

You can't modify existing data in a WORM-protected file. However, SnapLock allows you to maintain protection for existing data using WORM-appendable files. For example, you can generate log files or preserve audio or video streaming data while writing data to them incrementally. You can turn volume-append mode on or off with the Amazon FSx console, the Amazon CLI, the Amazon FSx API, and the ONTAP CLI and REST API.

Requirements for updating volume-append mode
  • The SnapLock volume must be unmounted.

  • The SnapLock volume must be empty of snapshot copies and user data.

To turn on volume-append mode with the Amazon FSx API, use the VolumeAppendModeEnabled parameter in CreateSnaplockConfiguration.

The following procedure explains how to turn on volume-append mode on the Amazon FSx console.

To turn on volume-append mode on the Amazon FSx console
  1. Open the Amazon FSx console at https://console.amazonaws.cn/fsx/.

  2. Follow the procedure for creating a new volume in Creating volumes.

  3. In the Advanced section, for SnapLock Configuration, choose Enabled.

    Select the check box to acknowledge the warning about enabling SnapLock on the volume.

  4. For Volume append mode, choose Enabled.

  5. Follow the rest of the procedure for creating a new volume in Creating volumes.

  6. Choose Confirm to create the volume.
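
The API settings named in the Autocommit and Volume-append mode sections, as an added example that is not part of the original documentation: it checks an autocommit period against the supported ranges in the table and builds the SnapLock configuration for a CreateVolume request. The function names are hypothetical, and SnaplockType and the Type/Value shape of AutocommitPeriod come from the FSx API rather than from this page.

```python
"""Added example: build SnapLock settings for an FSx for ONTAP CreateVolume call."""
import re

# Supported autocommit ranges from the table on this page, keyed by period Type.
AUTOCOMMIT_RANGES = {
    "MINUTES": (5, 65535),
    "HOURS": (1, 65535),
    "DAYS": (1, 3650),
    "MONTHS": (1, 120),
    "YEARS": (1, 10),
}


def parse_autocommit_period(text):
    """Convert '30 days' or '1 year' to an AutocommitPeriod dict; raise ValueError if unsupported."""
    match = re.fullmatch(r"\s*(\d+)\s*([A-Za-z]+?)s?\s*", text)
    if not match:
        raise ValueError(f"expected '<number> <unit>', got {text!r}")
    value, unit = int(match.group(1)), match.group(2).upper() + "S"
    if unit not in AUTOCOMMIT_RANGES:
        raise ValueError(f"unsupported autocommit unit in {text!r}")
    low, high = AUTOCOMMIT_RANGES[unit]
    if not low <= value <= high:
        raise ValueError(f"{value} {unit.lower()} is outside the supported {low}-{high}")
    return {"Type": unit, "Value": value}


def build_snaplock_configuration(snaplock_type, autocommit=None, volume_append=False):
    """Return the SnaplockConfiguration dict; autocommit=None leaves autocommit off."""
    # SnaplockType is required by the FSx API (assumption: not covered on this page).
    if snaplock_type not in ("COMPLIANCE", "ENTERPRISE"):
        raise ValueError("snaplock_type must be COMPLIANCE or ENTERPRISE")
    config = {
        "SnaplockType": snaplock_type,
        "VolumeAppendModeEnabled": bool(volume_append),
    }
    if autocommit is not None:
        config["AutocommitPeriod"] = parse_autocommit_period(autocommit)
    return config


if __name__ == "__main__":
    # With boto3 the result goes in
    # create_volume(..., OntapConfiguration={..., "SnaplockConfiguration": config}).
    print(build_snaplock_configuration("COMPLIANCE", "30 days", volume_append=True))
    for bad in ("4 minutes", "11 years", "2 weeks"):  # constructed invalid inputs
        try:
            parse_autocommit_period(bad)
        except ValueError as err:
            print("rejected:", err)
```

The autocommit period is the window in which a file can still be modified before it becomes WORM, so rejecting an out-of-range or mistyped value before the volume is created avoids a volume that protects files later than intended.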

Event-based retention (EBR)

You can use event-based retention (EBR) to create custom policies with associated retention periods. For example, you can transition all files in a specified path to WORM and set the retention period for one year with the snaplock event-retention policy create and snaplock event-retention apply commands. When you use EBR, you must specify a volume, directory, or file. The retention period that you select when you create the EBR policy is applied to all files in the specified path.

EBR is supported by the ONTAP CLI and REST API.

Note

ONTAP doesn't support EBR with FlexGroup volumes.

The following procedures explain how to create, apply, modify, and delete an EBR policy. You must be a SnapLock administrator (have the vsadmin-snaplock role) to complete these tasks in the ONTAP CLI. For more information, see SnapLock administrator.

To create an EBR policy in the ONTAP CLI

Run the following command. Replace p1 and "10 years" with your own information.

vs1::> snaplock event-retention policy create -name p1 -retention-period "10 years"

To apply an EBR policy in the ONTAP CLI

Run the following command. Replace p1 and slc with your own information. You can add a path after the forward slash (/) if you want to specify a particular path for the EBR policy. Otherwise, this command applies the EBR policy to all files on the volume.

vs1::> snaplock event-retention apply -policy-name p1 -volume slc -path /

To modify an EBR policy in the ONTAP CLI

Run the following command. Replace p1 and "5 years" with your own information.

vs1::> snaplock event-retention policy modify -name p1 -retention-period "5 years"

To delete an EBR policy in the ONTAP CLI

Run the following command. Replace p1 with your own information.

vs1::> snaplock event-retention policy delete -name p1

Legal Hold

You can retain WORM files for an indefinite period of time using Legal Hold. Legal Hold is generally used for litigation purposes. A WORM file that's subject to a Legal Hold can't be deleted until the Legal Hold is lifted.

Legal Hold is supported by the ONTAP CLI and REST API.

Note

ONTAP doesn't support Legal Hold with FlexGroup volumes.

The following procedures explain how to start and end a Legal Hold. You must be a SnapLock administrator (have the vsadmin-snaplock role) to complete these tasks in the ONTAP CLI. For more information, see SnapLock administrator.

To start a Legal Hold on a file in a SnapLock Compliance volume with the ONTAP CLI

Run the following command. Replace litigation1, slc_vol1, and file1 with your own information.

vs1::> snaplock legal-hold begin -litigation-name litigation1 -volume slc_vol1 -path /file1

To start a Legal Hold on all files in a SnapLock Compliance volume with the ONTAP CLI

Run the following command. Replace litigation1 and slc_vol1 with your own information.

vs1::> snaplock legal-hold begin -litigation-name litigation1 -volume slc_vol1 -path /

To end a Legal Hold on a file in a SnapLock Compliance volume with the ONTAP CLI

Run the following command. Replace litigation1, slc_vol1, and file1 with your own information.

vs1::> snaplock legal-hold end -litigation-name litigation1 -volume slc_vol1 -path /file1

To end a Legal Hold on all files in a SnapLock Compliance volume with the ONTAP CLI

Run the following command. Replace litigation1 and slc_vol1 with your own information.

vs1::> snaplock legal-hold end -litigation-name litigation1 -volume slc_vol1 -path /

Note

We recommend that you monitor -operation-status with the snaplock legal-hold show command when issuing a Legal Hold to make sure that it doesn't fail.