Nutanix Objects WORM Capabilities.

Anirudha | Wed, 04/15/2020 - 03:56

In the previous series we looked at Objects Versioning and Objects LifeCycle capabilities, which helps you with your data management. In this series, we will take a look at Nutanix WORM, one more awesome feature that Nutanix Objects provides natively. We will also learn how these features interact with each other.

While any data stored on Nutanix Objects becomes immutable in nature i.e no further updates on the data is allowed, and features such as Versioning helps you to preserve each over-writes as a new object, but you need additional capability to protect against object deletion . And that’s exactly where Nutanix WORM  provides you guarantee. 

WORM capability will help you to retain your data for a certain period of time, once WORM is configured on a bucket, data can not be deleted Or expired until the retention period is satisfied on the object. This is helpful to maintain legal compliance . 

One of the use case you can think of is, in the medical or financial sector you may need to maintain  compliance to preserve every data for few months to years that enters into the system. Maintaining huge data manually to keep a watch on any malware attack Or user attack, is error prone. And this is the problem WORM is solving for you. It provides you additional data protection against data deletion.

 

What you need :

  1. Objects Cluster
  2. Valid IAM credentials.
  3. Access to Objects UI.
  4. Linux/Windows client installed with python boto3 package

How does WORM works :

  • WORM can be configured on the bucket via Objects UI or via API, and it applied on each object. 
  • Once WORM policy is configured, all the objects in the bucket i.e existing and newly created objects, will be protected until retention period.
  • WORM period can only be extended, you can not reduce the period on the bucket.
  • User gets a 24hrs grace period, to remove WORM policy from the bucket. But post 24 hrs , WORM can not be disabled and any data entered in the bucket, will have a retention set. This can not be undone.
  • You can configure expiration policies on WORM bucket. WORM always takes a precedence over expiration policies. I.e if you configure expiration for 1Day but retention for 10Days. Then data will be retained for 10days and then will be expired. 
  • Until Objects1.1, WORM will auto-enable Versioning on Bucket.

We will :

  • Configure WORM via Objects UI.
  • Validate if Feature works.
  • Writing python code to enable feature.