Home > Storage > ObjectScale and ECS > Product Documentation > Dell ECS with Commvault: Configuration and Best Practices > Object Lock
Object Lock prevents object version deletion during a user-defined retention period. Immutable S3 objects are protected using object or bucket-level configuration of WORM and retention attributes. The retention policy is defined using the S3 API or bucket-level defaults. Objects are locked during the retention period; legal hold scenarios are also supported.
Dell ECS 3.6.2.1 and later includes ECS Object Lock, which is compatible with the capabilities of Amazon S3 object lock. Commvault also supports ECS Object Lock as of version 11.24.
Key considerations when using ECS Object Lock include:
Note: The parameter nCloudDellECSRetention must be disabled on the MediaAgents when you use Object Lock; otherwise, the ECS retention extension will be used.
If you are considering using Object Lock, we highly recommend that you review the information provided in Better Protection with Dell ECS Object Lock.
When considering using Object Lock with Commvault, note the following key points:
Enabling Object Lock with an ECS bucket requires using the REST API. You can use postman, S3curl, or a similar tool to use the REST API. The following examples use S3curl.
The following figure illustrates the Object Lock workflow:
You must use the API to create the ECS bucket and enable Object Lock. Do not set the retention period and mode. With Commvault SP26 and later, the retention period is set on a per-object basis as Commvault uploads to ECS.
s3curl --id cvltiam --createBucket -- http://ecs.example.com/commvault02 -H "x-amz-bucket-object-lock-enabled: true"
s3curl --id cvltiam -- http://ecs.example.com/commvault02?object-lock | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ObjectLockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<ObjectLockEnabled>Enabled</ObjectLockEnabled>
</ObjectLockConfiguration>
s3curl --id cvltiam -- http://ecs.example.com/commvault02/?versioning | xmllint --format –
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VersioningConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Status>Enabled</Status>
</VersioningConfiguration>
Prepare for Object Lock in Commvault as follows:
Configure the WORM storage mode for the cloud storage library as follows:
The Enable WORM Storage Options dialog box is displayed.
The Select Storage Pool dialog box is displayed.
By default, the WORM lock is set to twice the retention set at the storage pool.
The Modify WORM lock dialog box is displayed.
Whether you continue to run the workflow or modify the WORM lock days, a message warns you that WORM requires more storage capacity and that it cannot be reversed after it is enabled.
The Summary dialog box is displayed.
After successfully running a backup, verify the mode and retention period on an object written to the ECS bucket:
s3curl --id cvltiam -- http://ecs.example.com/commvault02/H4RV97_03.09.2022_18.55/CV_MAGNETIC/V_8243/CHUNK_71426/CHUNK_META_DATA_71426.F
OLDER/0?retention | xmllint --format –
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Retention xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Mode>COMPLIANCE</Mode>
<RetainUntilDate>2022-03-12T20:22:11.000Z</RetainUntilDate>
</Retention>