Home > Data Protection > Data Protection (general) > Immutability in Dell Data Protection Software and Appliances > PowerProtect DD Retention Lock overview
PowerProtect DD Retention Lock is a licensed feature that provides immutable file locking and secured data retention for customer to meet both corporate governance and compliance. Retention Lock applies the retention period on individual files and allows granular management of retention periods on a file-by-file basis.
When a file is written to an MTree where Retention Lock is enabled, PowerProtect DD Retention Lock ensures that the data integrity is maintained, and data cannot be modified or deleted. Files that are written to the MTree that are not committed to be retained can be deleted at any time. Files that are committed to be retained can be deleted only after the file retention period has expired. Modification of the file is not allowed, even after the retention period is over.
Beginning with DDOS 7.10, Data Domain Virtual Edition supports Retention Lock Compliance (RLC), whereas PowerProtect DD appliances have supported RLC for some time. AWS, Microsoft Azure, and GCP support Retention Lock Governance (RLG). Only AWS supports RLC, beginning with DDOS 7.12.
The default minimum retention period for the files that are written to the MTree where RLG is enabled is 12 hours, and the default maximum is 5 years. The minimum default value cannot be set below 12 hours, whereas the maximum period can be up to 70 years.
PowerProtect DD prevents users from changing the system clock through either the CLI or UI. After RLC is enabled, PowerProtect DD implements an internal security clock to prevent malicious tampering with the system clock. The internal security clock disables the file system if the skew between the security clock and the system clock reaches a designated value (14 days by default).