When creating a volume snapshot, the user can mark snapshots as “secure,” enabling customers to meet business and statutory requirements for data retention. Securing snapshots is especially important in the financial sector.

Figure 15.    A secure snapshot with a one-year expiration time

When a snapshot is created with the secure option, it cannot be deleted until the assigned expiration time is reached. A formal process exists to delete secure snapshots. Contact Dell support for more information.

Note: Secure Snapshots are, by default, Read Only.

A snapshot can be created initially with or without the secure flag and expiration time. If it is initially created without the secure flag, the expiration time can be added later with the set_snapshot_security CLI command. (The REST API can also be used to add this marker.)

Secure snapshots cannot be altered before their expiration time. When a secure snapshot is mapped to an SDC, regardless of how it is mounted, it will be forced into the read-only option. We saw above that PowerFlex snapshots can be deleted or overwritten with the contents of another V-Tree member. These operations are not possible for secure snapshots.

It is possible to mark snapshots created through a scheduling policy as secure. However, any secure snapshots that exist in a policy-generated set will remain in place regardless of what is done to the snapshot policy. Pausing, altering, or deleting the policy will not delete the snapshots marked as secure.

The snapshot policy engine itself has been enhanced to enable the automatic creation of secure snapshots using the secure_snapshots flag. In this case, the snapshots created for and during each interval cannot be manually deleted until the normal intervals have occurred. At that point, the policy engine will remove the snapshots per the defined rule.