Enabling immutable storage

You can enable the immutable storage in the Cyber Protect console.

In the cloud deployment, configuring the immutable storage settings requires two-factor authentication.

Prerequisites

  • If you upgrade to Acronis Cyber Protect 16 from an older version, and the management server is installed on a Windows machine, you must update the certificate in the Account Server folder.

    For more information, see Updating the Account Server certificate.

To enable immutable storage

On-premises deployment

  1. Log in to the Cyber Protect console as an administrator.
  2. Go to Settings > Storage node.
  3. Select the Acronis Cyber Infrastructure storage node for which you want to enable immutable storage, and then click Immutable storage settings.
  4. On the pane that opens, enable the Immutable storage switch.
  5. Click Enable.

  6. Specify a retention period between 14 and 3650 days.

    The default retention period is 14 days. A longer retention period will result in increased storage usage.

  7. Select the immutable storage mode and, if prompted, confirm your choice.

    • Governance mode

      This mode ensures that ransomware or malicious actors cannot tamper with or erase backup data, because all deleted backups are kept in the immutable storage for the retention period that you specified. It also guarantees the integrity of backup data, which is critical for disaster recovery.

      In this mode, you can disable and re-enable the immutable storage, change the retention period, or switch to Compliance mode.

    • Compliance mode

      In addition to the benefits of the Governance mode, the Compliance mode helps organizations meet the regulatory requirements for data retention and security by preventing data tampering.

      Selecting Compliance mode is irreversible. After selecting this mode, you cannot disable the immutable storage, change the retention period, or switch back to Governance mode.
  8. Click Close.

  9. To add an existing archive to the immutable storage, create a new backup in that archive by running the corresponding protection plan manually or on a schedule.

    If you delete a backup before adding the archive to the immutable storage, the backup is deleted permanently.

Cloud deployment

  1. Log in to the Cyber Protect console as an administrator.
  2. Go to Settings > System settings.
  3. Scroll through the list of default backups options, and then click Immutable storage.
  4. Enable the Immutable storage switch.

  5. Specify a retention period between 14 and 3650 days.

    The default retention period is 14 days. A longer retention period will result in increased storage usage.

  6. Select the immutable storage mode and, if prompted, confirm your choice.

    • Governance mode

      This mode ensures that ransomware or malicious actors cannot tamper with or erase backup data, because all deleted backups are kept in the immutable storage for the retention period that you specified. It also guarantees the integrity of backup data, which is critical for disaster recovery.

      In this mode, you can disable and re-enable the immutable storage, change the retention period, or switch to Compliance mode.

    • Compliance mode

      In addition to the benefits of the Governance mode, the Compliance mode helps organizations meet the regulatory requirements for data retention and security by preventing data tampering.

      Selecting Compliance mode is irreversible. After selecting this mode, you cannot disable the immutable storage, change the retention period, or switch back to Governance mode.
  7. Click Save.

  8. To add an existing archive to the immutable storage, create a new backup in that archive by running the corresponding protection plan manually or on a schedule.

    If you delete a backup before adding the archive to the immutable storage, the backup is deleted permanently.