Hello and welcome everyone to the Power Protect Data Manager appliance P 0.14 R three release. I'm Sonali Verma from the technical marketing engineering team. Today, we are going to see one of the key features introduced in this release: the retention lock compliance. Retention lock is a feature designed to prevent modification or deletion of data for a predefined period. In other words, retention lock files are read-only until the retention period expires or until the indefinite retention hold is disabled if that's being used. Retention lock compliance enables you to meet the strictest data permanence requirements of regulatory standards.
Let's see the prerequisites in order to use this feature. The first and foremost is that we need to have a security officer user created if that's not already present and then enable security authorization policy using the security officer user. Also, configure the iDRAC read-only user in order to use this feature.
Now, let's proceed further and start setting up retention lock compliance. The first step after prerequisites would be to enable system-level retention lock compliance and then create a storage unit with retention lock compliance mode. Once that is done, we will then proceed to create a policy with the retention lock by selecting the same storage unit that we created in the previous step and also enable the retention lock on the policy level.
Now, users will be able to use the same retention lock mode that was set while creating the storage unit. If the storage unit was created with the retention lock compliance mode, the only mode available in the policy would be the retention lock compliance mode.
Indefinite retention hold only applies to storage units that have the retention lock mode set, either governance or compliance. Once retention hold is enabled for a storage unit, it will continue to be locked even after the retention period expires, until the retention hold is disabled. We can see various storage units present under the name column. Different retention lock modes are present for each storage unit, either compliance, governance, or no retention lock mode.
Indefinite retention hold can be applied only to storage units which have retention lock mode, either governance or compliance. We'll choose one of the storage units that has the retention lock mode. Here, we have a certain unit with governance mode. Once we select it, we can go to more actions and enable indefinite retention hold. If you want to disable it, we will do it from the same place. We have the disable option. Once the indefinite retention hold is enabled, the storage unit will look something like this along with the retention mode.
Now, let's proceed to the demonstration. We first log in to the Power Protect Data Manager appliance using admin credentials. Some of the prerequisites are already done; we do have a security officer user existing, and we do have an iDRAC read-only user that has been configured. The other prerequisite is to enable the security officer authorization using the security officer. It is currently disabled, so we will log out as an admin user and log back into the Power Data Manager appliance with the security officer user.
Once we log in, we will be able to enable the security authorization policy by going to the GUI and enabling it from there and clicking on save for the configurations to be saved. We can verify again by going to the GUI security and see that it has been enabled. So we will log out as a security user and now log back in as an admin user to proceed further. All our prerequisites are now done, and we are good to start enabling our retention lock compliance first.
We need to enable it on the system level. As soon as we enable it, it will ask us for security officer credentials. We need to provide that and click on save, and then click continue. We need to wait for the configuration job to complete. The system retention lock compliance configuration has been completed successfully, meaning we are now good to proceed further.
Let me show you how the retention lock compliance mode looks like once it is enabled. This is how it will look like, and you can see the lock icon over there. Now, we need to create the storage unit with the retention lock mode. The system-level retention lock compliance has been enabled. Let us create a storage unit with the retention lock mode. For that, we will go to storage unit, click on add, provide a new storage unit name, and then scroll down to enable the retention lock. You will choose compliance and provide the retention lock period for the storage unit.
As soon as you enable the compliance mode of retention lock, it will ask you for security officer credentials, and you need to provide that and click on save. Now, if you choose your storage unit, you can see that it has been enabled with compliance. Let's proceed further to create a protection policy with retention lock. We will start creating the policy and have to select the same storage unit that we created just now with the retention lock mode.
So we'll choose the asset from here, and then we will click on add primary backup and choose the storage unit that has retention lock. As soon as we choose the retention lock storage unit, we can see in its description that it is compliance enabled with a lock icon. Then we'll enable the retention lock on the policy. You can see it also applies the same mode as it has in the storage unit, which is the compliance mode.
Then we will set our retention and schedule for the backup to proceed further and click on save and continue to keep all the settings as default and proceed to the next. Continue to keep other settings as they are and click on finish and wait for the protection policy configuration job to complete. We see the two jobs have been initiated, so we can see the configuration protection of four VMs has been completed as well as updating protection storage configuration has been completed. This is how your retention lock policy would look like with the lock symbol again.
We will proceed to do an ad hoc backup now. We chose that policy and clicked on protect now. The protection job has been initiated, and you can click on view details to see the progress of it. You can click on details and go to step logs to see exactly where we are at, and it looks like the job has completed successfully. Let us go to the assets and the infrastructure and see the backup copies. You can see here it has a lock icon, and if you hover your mouse over it, we can see that the backup copy has been protected.
This is how we are going to set up the retention lock compliance. Thank you all for joining.
