Veeam Backup & Replication 12.1 (or later) has the ability to use S3 Object Lock’s Governance mode when you setup an object storage repository to be immutable.
S3 Object Lock is a feature of S3 and S3 Compatible object storage to prevent objects from being deleted or modified until the object lock retention has been met and the lock expires.
There are two modes for the object lock retention:
- Compliance mode
- Governance mode
Similar to Compliance mode, the Governance mode also locks the objects to prevent them from being deleted or overwritten, but it is less strict than Compliance mode:
- Users with the appropriate permissions can delete or modify the objects before the object lock retention is met.
- Governance mode also allows the users with proper permissions to reduce and increase the object lock retention period.
When you are configuring Veeam, if you could, please set up immutability in Governance mode as it allows some control on our end to remove data if required. If you prefer to use Compliance mode, which is the default configuration, be aware that this means the data cannot be deleted even by us until the immutability period has expired.
You enable Governance mode on the Veeam Backup & Replication server by setting the registry setting
HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication\S3GovernanceImmutabilityMode to be 1.
Comments
0 comments
Article is closed for comments.