The latest release of ZFSSA software, OS8.8.45, adds file retention lock, joining the existing object retention lock and snapshot retention lock.
3 types of retention lock
Legal Hold
You might need to preserve certain business data in response to potential or ongoing lawsuits. A legal hold has no defined retention period and remains in effect until it is removed. Once the legal hold is removed, all of the protected data is immediately eligible for deletion.
Data Governance
Data Governance locks data sets (snapshot, object or file) for a period of time, protecting the data from deletion. You might need to protect certain data sets as part of internal business process requirements, or to protect them from a cyberattack. Retaining the data for a defined length of time is necessary, but that time period could change, so the lock has to remain adjustable by a suitably privileged administrator.
Regulatory Compliance
Your industry might require you to retain a certain class of data for a defined length of time. Your data retention regulations might also require that the retention settings themselves be locked. Regulatory compliance only allows you to increase the retention time; it can never be shortened or removed.
3 implementations of retention lock
Object storage
Object storage retention is managed through the OCI client tool and is enforced by the appliance's object storage API. Retention rules are evaluated when an object is accessed, so the rules currently on the bucket apply to every object in it. Adding a rule therefore takes effect immediately for all existing objects, not only for objects written afterwards.
Administration of retention rules is controlled through the RSA API key pairs assigned to ZFSSA object storage users. It is recommended to separate duties between a security administrator, who manages retention rules, and the object owner, who writes and reads objects, so that a compromise of the object owner's credentials does not allow the lock to be lifted.
Retention on object storage is implemented in the following way based on the retention lock type.
Legal hold
Legal holds are implemented by placing an indefinite retention rule (one with no duration) on a bucket. While the rule exists, no object within the bucket can be deleted or changed; only new objects can be stored. Removing the rule ends the hold.
Data Governance
Data Governance is implemented by placing a time-bound retention rule on a bucket. The rule locks all objects for a set length of time. The rule can later be shortened or deleted. For cyber protection it is recommended to implement this with a separation of duties: the user able to modify or delete the rule should not be the user that owns the objects.
Regulatory Compliance
Regulatory Compliance is implemented by placing a locked, time-bound retention rule on a bucket. The retention itself takes effect immediately when the rule is created, but the lock is tied to a lock date that must be at least 14 days in the future. That grace period allows you to test the rule and still correct or delete it. Once the lock date passes, the rule cannot be deleted or shortened even by an administrator; the retention period can only be extended.
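The three object storage rule types above, expressed as OCI CLI calls in a small shell script. This is an added example, not code from the original post or from Oracle: the `oci os retention-rule` subcommands and their flags are the real OCI CLI interface, but the appliance hostname, the bucket names, the rule display names and the `OCI_CMD` dry-run hook are assumptions made for illustration. Run it with the security administrator's API key, not the object owner's, to keep the separation of duties described above.

```shell
#!/bin/sh
# Added example (not from the original post): create the three ZFSSA object
# retention rule types with the OCI CLI. Hostname, bucket and rule names are
# assumed; OCI_CMD=echo gives a dry run that only prints the calls.
set -eu

# OCI-compatible endpoint of the appliance (assumed hostname).
ZFSSA_ENDPOINT="${ZFSSA_ENDPOINT:-https://zfssa.example.com/oci}"
# Command prefix; override with OCI_CMD=echo to see the calls without running them.
OCI_CMD="${OCI_CMD:-oci}"

# Legal hold: an indefinite rule (no duration). Objects can neither be
# deleted nor overwritten until the rule itself is deleted.
legal_hold_rule() {
    bucket="$1"
    $OCI_CMD os retention-rule create --endpoint "$ZFSSA_ENDPOINT" \
        --bucket-name "$bucket" --display-name "legal-hold"
}

# Data governance: time-bound but unlocked. The rule can later be shortened
# or deleted by whoever holds the rule-management privilege.
governance_rule() {
    bucket="$1"; amount="$2"; unit="$3"   # unit is DAYS or YEARS
    $OCI_CMD os retention-rule create --endpoint "$ZFSSA_ENDPOINT" \
        --bucket-name "$bucket" --display-name "governance-${amount}${unit}" \
        --time-amount "$amount" --time-unit "$unit"
}

# Regulatory compliance: time-bound AND locked at a future date. The lock
# date must be at least 14 days out (the grace period); after it passes the
# rule can only be lengthened, never shortened or deleted.
compliance_rule() {
    bucket="$1"; amount="$2"; unit="$3"; lock_at="$4"   # RFC 3339 timestamp
    $OCI_CMD os retention-rule create --endpoint "$ZFSSA_ENDPOINT" \
        --bucket-name "$bucket" --display-name "compliance-${amount}${unit}" \
        --time-amount "$amount" --time-unit "$unit" \
        --time-rule-locked "$lock_at"
}

# Check what is actually in force on a bucket before relying on it.
list_rules() {
    $OCI_CMD os retention-rule list --endpoint "$ZFSSA_ENDPOINT" --bucket-name "$1"
}

# Dry-run demo: print the three calls without contacting an appliance.
if [ "${1:-}" = "--dry-run" ]; then
    OCI_CMD=echo
    legal_hold_rule evidence-hold
    governance_rule finance-archive 90 DAYS
    compliance_rule audit-records 7 YEARS 2030-01-01T00:00:00Z
    list_rules audit-records
fi
```

Run `sh retention.sh --dry-run` first to review the exact calls, then re-run with a real `ZFSSA_ENDPOINT` and `OCI_CMD` unset. For the compliance rule, choose the lock date deliberately: until it arrives the rule is still editable, which is the window in which to verify behaviour with `list_rules` and a test delete; once it passes there is no undo.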
Snapshots
Snapshot locking is managed through the BUI or CLI. Individual snapshots can be locked, and scheduled snapshots can be created and automatically locked. The permission for controlling snapshot locking can be assigned to ZFSSA users, allowing a separation of duties. Shares or projects cannot be removed while they contain locked snapshots.
Retention on snapshots is implemented in the following way based on the retention lock type.
Legal hold
Legal holds on snapshots are handled by creating a snapshot and locking it. The snapshot cannot be removed until the lock on it is removed. There is no mechanism to schedule snapshots with an unlimited retention, but it is possible to schedule a large number of daily snapshots that are retained as locked snapshots for thousands of days, which is a practical equivalent.
Data Governance
Data governance of snapshots is handled through scheduled locked snapshots. A schedule is created with both a retention and a "keep at most" setting. This keeps a fixed number of locked snapshots while automatically cleaning up snapshots that fall outside the retention count. The snapshots can be unlocked and removed, and the schedule can be removed, by an administrator with the correct privileges.
Regulatory Compliance
Regulatory compliance of snapshots is handled through locked snapshot schedules. As with data governance, a snapshot schedule is created, but when regulatory compliance is set, the schedule's retention cannot be decreased and the schedule cannot be removed as long as snapshots created by it still exist.
File Retention
File retention is set at the share or project level and controls updating and deletion of all data contained on the share or project. A default file retention is set, and every new file inherits the default in effect at the time it is created. It is also possible to set the retention on a file manually, overriding the default the file inherited.
Legal Hold
Legal hold cannot be easily implemented with file retention. The retention of an individual file is fixed at file creation, and afterwards it can only be changed manually, file by file.
Data Governance
Data governance is implemented by creating a NEW project and share with a file retention policy of privileged. Privileged mode lets you set a default retention for all new files and change that default (longer or shorter) going forward.
Regulatory Compliance
Regulatory compliance is implemented by creating a NEW project and share with a file retention policy of mandatory (no override). Mandatory mode does not allow you to decrease the default file retention. The project or share cannot be removed while locked files exist, and the storage pool cannot be removed while locked files exist within the pool. This mode also requires that an NTP server be configured, so that retention expiry is measured against a trusted clock, and root is locked out of any remote access.
The best way to explore these new features is to use the ZFSSA image in OCI to test the different scenarios before applying any locked retention to production data.