About immutable object support for AWS S3
NetBackup 9.1 and later versions support cloud immutable (WORM) storage with S3 Object Lock. For more information about Amazon S3 Object Lock, see https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html.
Cloud administrator and backup administrator need specific permissions to configure and use immutable storage. Cloud administrators need a set of permissions to manage the bucket and cloud volume in the cloud and backup administrators need permissions to manage backup data.
See AWS user permissions to create the cloud immutable volume.
Backup images can be locked in one of the following two retention modes:
Compliance mode
Users cannot overwrite or delete the data that is protected using the compliance mode for the defined retention period. Once you set a retention period for the data storage, you can extend it but cannot shorten it.
Enterprise mode
Users require special permissions to disable the retention lock and then delete the image. Only the cloud administrator user can disable the retention lock and then the delete the image if required. You can use the enterprise mode to test the retention period behavior before you use compliance mode.
Cloud immutable volume (Cloud LSU) is a cloud volume with the following differences than normal cloud volumes:
The bucket is Object Lock enabled.
A retention range is defined for the cloud volume. The retention of any backup images must be in this range. NetBackup checks this condition when the backup policy is created.
You can define and modify this range in the NetBackup web UI.
See Creating a cloud immutable storage unit using the web UI.
See Updating a cloud immutable volume.
See Extend the cloud immutable volume live duration automatically.
See Performance tuning.
See AWS user permissions to create the cloud immutable volume.