About object-level immutable storage support for Google Cloud Storage
NetBackup 10.4 and later versions support the object-level immutable storage for Google Cloud Storage to store the backup data. For more information about Google Cloud Storage, see Object Retention Lock.
Cloud administrator and backup administrator need specific permissions to configure and use immutable storage. Cloud administrators need a set of permissions to manage the bucket and cloud volume in the cloud and backup administrators need permissions to manage backup data.
Backup images can be locked in one of the following two retention modes:
Compliance mode
Users cannot overwrite or delete the data that is protected using the compliance mode for the defined retention period. Once you set a retention period for the data storage, you can extend it but cannot shorten it.
Enterprise mode
Users require special permissions to disable the retention lock and then delete the image. Only the cloud administrator user can disable the retention lock and then the delete the image if required. You can use the enterprise mode to test the retention period behavior before you use compliance mode.
Cloud immutable volume (Cloud LSU) is a cloud volume with the following differences from the normal cloud volumes:
The bucket is Object Lock enabled.
A retention range is defined for the cloud volume. The retention of any backup images must be in this range. NetBackup checks this condition when the backup policy is created. You can define and modify this range in the NetBackup web UI.
NetBackup uses the Google S3 XML API to effectively handle data management in Google Cloud storage. However, the Google S3 XML API lacks the necessary functionality to manage the retrieval and configuration of the bucket default retention of the bucket. So the NetBackup is unable to determine if S3 buckets have a default retention policy configured, and as a result, it perceives them as non-object-lock buckets. When opting for a bucket with default retention policy in Google Cloud Storage, certain unexpired objects cannot be deleted.
We recommend that you avoid bucket creation in the Google Cloud console. Create all buckets exclusively in the NetBackup web UI. Additionally, identify any buckets with default retention policy in the Google Web Console and refrain from using them in NetBackup.
See Creating a cloud immutable storage unit using the web UI.
See Updating a cloud immutable volume.
See Extend the cloud immutable volume live duration automatically.
See Performance tuning.