
Avamar: Enabling Avamar Immutable Backup and Data Domain Compliance Mode Retention Lock

Summary: This article shows how to enable the Immutable Backup feature on Avamar along with Compliance Mode Retention Lock on Data Domain.


Instructions

Avamar Immutable Backup requirements

The immutable feature is available in Avamar 19.8.x.
For older versions, this feature is available by installing an MCS Hotfix.

 

Avamar version requirements (check "Additional Info" for Hotfix Suite numbers):

  • 19.4.0-124 + MCS Hotfix
  • 19.7.0-82 + MCS Hotfix

 

The Integrated Data Protection Appliance release of Avamar does not support Immutable Backup.

 

Immutable Backup Features
Once the immutable backup is configured, the following operations cannot be performed in MCGUI or AUI:

  • Change the expiration date of local and remote backups while retiring clients.
  • Delete clients.
  • Change the expiration date of a backup.
  • Change the retention type of a backup.
  • Delete a backup.

 

Note: Existing backups immediately become immutable when this feature is enabled.

 

To enable Immutable Backup on Avamar:
Install the required MCS Hotfix Suites, then run the following command to enable the feature. Carefully evaluate your decision because THIS IS IRREVERSIBLE.

 

As admin user on Avamar Utility or Single node:

admin@avamar:~/>:avmaint config immutablebackups=true --ava --confirmthisisnotreversible

 

To verify the setting is enabled:

admin@avamar:~/>:avmaint nodelist | grep immutablebackups
  immutablebackups="true"

 

Data Domain Retention Lock Requirements

Retention lock is a feature used on Data Domain Restorers (DDRs) to prevent modification or deletion of certain sets of files for a predetermined period. Retention-locked files are read-only until their retention period expires.

 

Retention lock is available for two different functions:

  • Governance: The less strict of the two retention lock functions. Locks against files can be reverted if necessary.
  • Compliance: The stricter of the two functions, which adheres to several common regulatory standards. Locks against files cannot be reverted. The DDR must be configured with a 'security officer' user who must authenticate certain commands. There are restrictions on other functionality to prevent locked data from being removed or locks from being reverted early.

 

Note:
  • Each function of the retention lock requires a separate license key.
  • Retention lock functionality is enabled on a per MTree basis.
  • A single system can use both governance and compliance mode against separate MTrees. However, it must have separate governance and compliance licenses installed.
  • Governance Retention Lock for Avamar Server is supported starting with Avamar version 19.10.x. For instructions on how to enable it, follow the 19.10.x Dell Avamar Administration Guide, section "Limited Backup Management." Ensure that all client plug-ins are upgraded to version 19.10.x for Governance Retention Lock support.

 

Retention lock compliance mode meets regulatory standards:
The list of regulatory standards that retention lock compliance mode meets includes the following:

  • SEC 17a-4(f)
  • CFTC Rule 1.31b
  • FDA 21 CFR Part 11
  • Sarbanes-Oxley Act
  • IRS 98025 and 97-22
  • ISO Standard 15489-1
  • MoREQ2010

 

For full details of certification information, contact your contracted support provider.

Enabling Compliance Mode Retention Lock on Data Domain:
Carefully evaluate your decision because THIS IS IRREVERSIBLE.

 

As user sysadmin on the Data Domain CLI:
A retention lock compliance license should be added to the DDR.
A user with the role of 'security' should be created (assuming such a user does not exist):

(ADMIN USER) # user add [username] role security

 

The user with the role of 'security' should log in to the DDR and enable security user authorization:

(SECURITY USER): # authorization policy set security-officer enabled

 

The system should be configured for retention lock compliance mode. Once the following command runs to completion, the system reboots automatically:

(ADMIN USER) # system retention-lock compliance configure

 

Once the system has rebooted, retention lock compliance mode should be enabled on the system:

(ADMIN USER) # system retention-lock compliance enable

 

Retention lock compliance mode should then be enabled against any required MTree:

(ADMIN USER) # mtree retention-lock enable mode compliance mtree [mtree]

 

MTrees can be listed in the output of mtree list, which can also display which MTrees have retention lock enabled, for example:

sysadmin@ddxxxx# mtree list
Name                                Pre-Comp (GiB)   Status    Tenant-Unit
---------------------------------   --------------   -------   -----------
...
/data/col1/rich-retention-lock                 0.0   RW/RLGE   -
/data/col1/rl_test                             0.0   RW/RLGD   -
/data/col1/rl_test_comp                        0.0   RW/RLCE   -
/data/col1/test                                3.1   RW/RLGE   -
...
---------------------------------   --------------   -------   -----------
...
 RLGE : Retention-Lock Governance Enabled
 RLGD : Retention-Lock Governance Disabled
 RLCE : Retention-Lock Compliance Enabled
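
An added example, not part of the original article: a POSIX shell check that reads captured mtree list output and reports any required MTree whose Status column does not carry RLCE. The sample listing is constructed from the output above; the /data/col1/plain row and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample: rows from the listing above plus one unlocked MTree (assumed "RW" status).
SAMPLE_MTREE_LIST='Name                                Pre-Comp (GiB)   Status    Tenant-Unit
---------------------------------   --------------   -------   -----------
/data/col1/rich-retention-lock                 0.0   RW/RLGE   -
/data/col1/rl_test                             0.0   RW/RLGD   -
/data/col1/rl_test_comp                        0.0   RW/RLCE   -
/data/col1/test                                3.1   RW/RLGE   -
/data/col1/plain                               1.2   RW        -
---------------------------------   --------------   -------   -----------
 RLGE : Retention-Lock Governance Enabled
 RLGD : Retention-Lock Governance Disabled
 RLCE : Retention-Lock Compliance Enabled'

# rl_mode LISTING MTREE -> compliance | governance | governance-disabled | none | missing
rl_mode() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == want {
            n = split($3, flag, "/")          # Status column, e.g. RW/RLCE
            mode = "none"
            for (i = 1; i <= n; i++) {
                if (flag[i] == "RLCE") mode = "compliance"
                else if (flag[i] == "RLGE" && mode == "none") mode = "governance"
                else if (flag[i] == "RLGD" && mode == "none") mode = "governance-disabled"
            }
            print mode; found = 1; exit
        }
        END { if (!found) print "missing" }'
}

# audit_compliance LISTING MTREE... -> lists each MTree not in compliance mode; non-zero if any
audit_compliance() {
    listing=$1; shift; bad=0
    for m in "$@"; do
        mode=$(rl_mode "$listing" "$m")
        if [ "$mode" != "compliance" ]; then
            printf '%s %s\n' "$m" "$mode"
            bad=1
        fi
    done
    return "$bad"
}

# Usage on the constructed sample: one MTree passes, one is only governance-locked.
audit_compliance "$SAMPLE_MTREE_LIST" /data/col1/rl_test_comp /data/col1/test \
    || echo "not every required MTree is compliance-locked"
```
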

 

Once the retention lock is enabled against an MTree, a minimum and maximum retention period must be set. These periods dictate the minimum and maximum time a file within the MTree can be locked for. For example:

# mtree retention-lock set min-retention-period [period] mtree [mtree]
# mtree retention-lock set max-retention-period [period] mtree [mtree]

 

Periods can be given in various units as follows:

*  1min
*  1hr
*  1day
*  1mo
*  1year

 

Note:
  • A minimum retention period cannot be less than 12 hours.
  • A maximum retention period cannot be greater than 70 years.
  • The minimum retention period must be less than the maximum retention period.
  • Retention periods for each MTree are set in the same way regardless of the flavor of retention lock being used.
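
An added example, not part of the original article: a POSIX shell pre-check that applies the limits in the Note to a proposed pair of periods and prints the two mtree commands only if they pass. The 30-day month and 365-day year used for comparison are assumptions, as are the function names.

```shell
#!/bin/sh
# period_minutes PERIOD -> minutes on stdout; non-zero status if the period is malformed
period_minutes() {
    num=${1%%[!0-9]*}                        # leading digits
    unit=${1#"$num"}                         # remainder is the unit
    case $num in ''|0*) return 1 ;; esac     # need a positive count without leading zero
    case $unit in
        min)  mult=1 ;;
        hr)   mult=60 ;;
        day)  mult=1440 ;;
        mo)   mult=43200 ;;                  # assumption: 30-day month
        year) mult=525600 ;;                 # assumption: 365-day year
        *)    return 1 ;;
    esac
    echo $((num * mult))
}

# retention_cmds MIN MAX MTREE -> prints the two commands, or the reason for refusal
retention_cmds() {
    lo=$(period_minutes "$1") || { echo "unparseable min period: $1"; return 1; }
    hi=$(period_minutes "$2") || { echo "unparseable max period: $2"; return 1; }
    [ "$lo" -ge 720 ] || { echo "min period below 12 hours"; return 1; }
    [ "$hi" -le $((70 * 525600)) ] || { echo "max period above 70 years"; return 1; }
    [ "$lo" -lt "$hi" ] || { echo "min period must be less than max"; return 1; }
    echo "mtree retention-lock set min-retention-period $1 mtree $3"
    echo "mtree retention-lock set max-retention-period $2 mtree $3"
}

# Usage with constructed values for an MTree name taken from the listing above.
retention_cmds 1day 7year /data/col1/rl_test_comp || true
```
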

 

Once Retention Lock on Data Domain is enabled:
Log in to the Avamar Server and take a checkpoint:

admin@avamar:~/>:mccli checkpoint create --override_maintenance_scheduler=true

 

Additional Information

See article 79803 for questions on Retention lock, Data Domain: Retention Lock Frequently Asked Questions.

 

See article 212375 for instructions on downloading hotfixes, Avamar: How to find and download a product hotfix, patch, install or upgrade package from the Dell Support website.

 

Avamar Server v19.4.0-124:

  • Client Hotfix - 335595
  • Server Hotfix - 335584

 

Avamar Server v19.7.0-82:

  • Client Hotfix - 335914
  • Server Hotfix - 335915

 

Article Properties
Article Number: 000204635
Article Type: How To
Last Modified: 08 Aug 2024
Version: 9