Immutability for Capacity Tier
Veeam Backup & Replication allows you to prohibit deletion of data from capacity extents by making that data temporarily immutable. It is done for increased security: immutability protects your data from loss as a result of attacks, malware activity or any other injurious actions.
You can enable immutability for data stored in Amazon, S3-compatible and Azure object storage repositories used as capacity extents of the scale-out backup repository. After you enable immutability, Veeam Backup & Replication will prohibit data deletion from capacity tier until the immutability expiration date comes.
Backups are immutable only during the immutability period set in the object storage repository settings even if their retention policy allows for longer storage. Immutability retention policy ignores retention policies set for the following types of backups:
- Backups with GFS flags
- Backups created with VeeamZIP jobs
- Exported backup files
The immutable data within the capacity extents cannot be subject to the following operations:
- Manual removal of data, as described in section Removing Backups from Capacity Tier.
- Removal of data by the retention policy, as described in section Retention Policy.
- Removal of data using any cloud service provider tools.
- Removal of data by the cloud service provider technical support department.
- Removal of data by the Remove deleted items data after option, as described in section Maintenance Settings.
To enable immutability, you must do the following:
- Configure the necessary settings when you create an S3 bucket or an Azure container.
For more information, see Preparing to Use Immutability.
- Enable the immutability option when you add an object storage repository to the backup infrastructure at the Container step (for Azure object storage repository) or Bucket step (for Amazon S3 or S3 compatible object storage repositories) of the new Object Storage Repository wizard.