Enabling Backup Locking

Scenarios

To prevent the backup data from being deleted by mistake or maliciously, you can enable backup locking for vaults to improve data security.

Once enabled, all backups in the vault enter the WORM (write once, read many) status. No one can delete the backups that are in their retention periods.

This section describes how to enable backup locking for a vault. You can also enable it when purchasing a vault.

Constraints

• Backup locking cannot be disabled after it is enabled.
• After backup locking is enabled, associated resources cannot be dissociated and files cannot be migrated. However, file backup clients that do not have backups can be dissociated from vaults.
• Backup locking does not affect normal backup, restoration, and replication operations.
• After backup locking is enabled, policy-based backups can only be deleted after they expire.
• Manual backups are not affected by backup locking and can be manually deleted.
• After backup locking is enabled, pay-per-use vaults cannot be deleted if they contain backups, but yearly/monthly vaults can be unsubscribed from.
• Backup locking is not supported for VMware backup.

Enabling Backup Locking for a Vault

1. Log in to the CBR console.
   1. Log in to the management console.
   2. Click in the upper left corner and select a region.
   3. Click and choose Storage > Cloud Backup and Recovery. Select a backup type from the left navigation pane.

2. On any backup page, locate the target vault and choose More > Enable Backup Locking in the Operation column.
3. In the displayed dialog box, enable backup locking.
   Figure 1 Backup locking

   

4. Click OK.

   The vault list is displayed, and you can see that the value in the Back Locking column is Enabled.