Immutability for Object Storage Repositories
Veeam Backup & Replication allows you to prohibit deletion of data from the object storage repository by making that data temporarily immutable. This increases security: immutability protects your data against loss caused by attacks, malware activity or any other harmful actions.
You can enable immutability for data stored in the following types of object storage repositories:
- Amazon S3
- Microsoft Azure Storage
- IBM Cloud Object Storage
- Wasabi Cloud Object Storage
After you enable immutability, Veeam Backup & Replication will prohibit data deletion from object storage repositories until the immutability expiration date is reached.
You will not be able to perform the following operations with the immutable data stored on object storage repositories:
- Manual removal of data, as described in section Deleting Backups from Object Storage.
- Removal of data by the retention policy, as described in section Retention Policy.
- Removal of data using any cloud service provider tools.
- Removal of data by the cloud service provider technical support department.
- Removal of data by the Remove deleted items data after option, as described in section Maintenance Settings.
Consider the following:
Considerations and Limitations
For more information, see Considerations and Limitations.
To enable immutability, you must do the following:
- Configure the following settings when you create an S3 bucket or Azure container:
  - Amazon S3 Storage, S3 Compatible, IBM Cloud, Wasabi Cloud — You must enable the Object Lock and Versioning features on your S3 bucket when you create the bucket.
    Note that most vendors allow enabling Object Lock only at the moment of creating the bucket.
  - Azure Storage — You must enable support for version-level WORM on the container and enable blob versioning for your storage account when you create a storage account.
    For more information on enabling version-level WORM for a container, see Microsoft Docs.
    For more information on blob versioning for a storage account, see Microsoft Docs.
    When you create the storage account, by default the version-level immutability support option is enabled. You must disable it, otherwise immutability will not be applied for your Azure object storage. For more information, see Microsoft Docs.
- Enable the immutability option when you add an object storage repository to the backup infrastructure at the Container step (for Azure object storage repository) or Bucket step (for Amazon S3 or S3 compatible object storage repositories) of the new Object Storage Repository wizard.
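The S3 side of the first step can be verified before the bucket is added in the wizard. The following preflight check is an added example, not part of the Veeam documentation or product; it covers only the S3 bucket prerequisites (not Azure) and assumes the response shapes and error code of the Amazon S3 GetBucketVersioning and GetObjectLockConfiguration APIs as returned by boto3. The function names and sample responses are constructed for illustration.

```python
"""Preflight check for the S3 bucket prerequisites (added example)."""


def check_bucket(versioning, object_lock):
    """Return a list of problems; an empty list means the bucket is ready.

    versioning  -- dict shaped like an S3 GetBucketVersioning response
    object_lock -- dict shaped like an S3 GetObjectLockConfiguration response,
                   or None when S3 reports that no such configuration exists
    """
    problems = []
    status = versioning.get("Status")  # key is absent if never enabled
    if status != "Enabled":
        problems.append(f"Versioning is {status or 'not enabled'}")
    lock = (object_lock or {}).get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        problems.append("Object Lock is not enabled; most vendors allow "
                        "enabling it only when the bucket is created")
    return problems


def fetch_state(bucket):
    """Read both settings from a live bucket (needs boto3 and credentials)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    versioning = s3.get_bucket_versioning(Bucket=bucket)
    try:
        lock = s3.get_object_lock_configuration(Bucket=bucket)
    except ClientError as err:
        # Assumption: AWS error code; S3-compatible vendors may use another.
        code = err.response["Error"]["Code"]
        if code != "ObjectLockConfigurationNotFoundError":
            raise
        lock = None
    return versioning, lock


# Constructed sample responses, not captured from a real account.
READY = ({"Status": "Enabled"},
         {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}})
NO_LOCK = ({"Status": "Enabled"}, None)
SUSPENDED = ({"Status": "Suspended"}, None)
NEVER_VERSIONED = ({}, None)

if __name__ == "__main__":
    for name, state in [("ready", READY), ("no-lock", NO_LOCK),
                        ("suspended", SUSPENDED), ("plain", NEVER_VERSIONED)]:
        print(name, check_bucket(*state) or "OK")
```

Against a live bucket, `check_bucket(*fetch_state("bucket-name"))` runs the same check; a bucket that reports Object Lock as missing generally has to be recreated rather than reconfigured.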