5 1 0:Recovery of Si3 Deduplication Store with Object Lock
Overview
To further increase resistance to evolving ransomware attacks, immutable storage is a very effective defense. The Si3 Deduplication Store with Object Lock enables disaster recovery of data objects in a bucket. Because data objects in a bucket with Object Lock function are versioned, every version of every object in the bucket is preserved. Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. If an object is deleted, the data object is not removed permanently, instead the version is marked as deleted. Similarly when an object is overwritten, a new version is created, retaining the previous versions.
With SEP sesam you can perform recovery:
- to the last not deleted version
- to a specific point in time
The object recovery is performed using CLI.
Note | |
You must have SEP sesam administrator privileges to run SEP sesam CLI commands and use the command prompt as an administrator. All commands are run from the <SESAM_ROOT>/bin/sesam/ directory. If you want to execute SEP sesam commands globally (and not from the actual run directory), set the SEP sesam profile as described in What happens when I set a profile?.
|
Object version recovery
To recover data objects to the last not deleted version, you need the name of the .ini file, which contains the data store configuration. The name of the .ini file is derived from the data store name data_stores.name (si3sesamlock) and the drive number for that data_store, for example, si3sesamlock_2.ini.
To obtain the .ini file name and the drive number, use the sm_main start sds command.
Result:
2022-10-19 14:30:32: Found SDS configuration file: "/var/opt/sesam/var/ini/stpd_conf/si3sesamlock_2.ini"
To perform recovery, in CLI execute the following command:
sm_java -Ddrive_num=<drive_number> sds2 recover
where you replace <drive_number> with the actual drive number.
Point-in-time recovery
To recover data objects to a certain point in time, decide the date and time of the restore point and convert it to Unix time (you can use an online converter, for example: EpochConverter).
To perform a point-in-time recovery, in CLI execute the following command:
sm_java -Ddrive_num=<drive_number> sds2 recover <Unix_time>
where you replace the variables:
- <drive_number> with the actual drive number
- <Unix_time> with the required time in Unix time
See also
Audit Logging – Ransomware Protection Best Practices – About Authentication and Authorization – Backup Strategy Best Practices