Home > Storage > PowerMax and VMAX > Data Protection > Dell PowerMax 2500 and 8500: TimeFinder SnapVX Snapshots and Clones > Secure snaps
Secure snaps cannot be deleted for a user-defined retention period. Secure snaps are retained during resource-limited situations where conventional snaps are intentionally failed to release system resources. These resilient snapshots provide recovery capabilities for critical applications after an array resource event or a malicious attack.
When the secure snap retention time is reached, the snapshot is automatically terminated unless it is linked or restoring. Users may extend a retention time if a secure snap is needed longer than originally planned. Reducing the retention period of a secure snap is not allowed. A traditional snapshot may be converted to a secure snap, but a secure snap may not be converted to a traditional snapshot. All SnapVX operations and rules for traditional snapshots regarding restores, linked target operations, and automatic expiration also apply to secure snaps. -
In Unisphere, secure snaps are selected in Advanced Options when the standard expiry period is not set. A snapshot cannot have both standard and secure expiration periods.
When a SnapVX snapshot is created, whether secure or traditional, the expiration time is stored on the array. Changing the date or time on the application server, NTP server, or anywhere else in the environment does not affect existing snapshots. The snapshots are retained for the required retention period regardless of any changes external to the array.
Moreover, the array’s date and time cannot be changed from any external interfaces such as Solutions Enabler or Unisphere. Dell Support has tools to modify array time if needed. RSA Secure Service Credentials restrict access to an array and further restrict tools according to user level.
Secure snaps exhibit several behavioral differences compared to traditional snapshots. The behavioral differences are important to understand before implementing secure snaps.
If capacity limits are reached, secure snaps have priority over host writes and over SRDF writes to R2 volumes. This behavior provides extra protection. If there is an intentional attack or a runaway application on a system, preserving secure snaps allows for restore after the situation is mitigated.
If capacity or cache limits are reached, existing secure snaps survive and continue to grow and are available for use. New secure snaps cannot be created.
Users can terminate traditional snaps to release system resources if needed. However, Secure snapshots may only be terminated before they expire by customer-authorized Dell Support. See knowledgebase article 47872 for more information.
Best practice: Carefully consider how many snapshots on an array really need to be secure. Consider using secure snaps only on critical applications and only for points-in-time that are critical to the business. Also consider how long the secure snaps should be retained. A combination of secure and standard snapshots can protect an application.