5 1 0:Recovery of Si3 Deduplication Store with Object Lock

From SEPsesam


Welcome to the latest SEP sesam documentation version 5.1.0 Apollon. For previous documentation version(s), check documentation archive.

Overview


To further increase resistance to evolving ransomware attacks, immutable storage is a very effective defense. The Si3 Deduplication Store with Object Lock enables disaster recovery of data objects in a bucket. Because data objects in a bucket with Object Lock function are versioned, every version of every object in the bucket is preserved. Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. If an object is deleted, the data object is not removed permanently, instead the version is marked as deleted. Similarly when an object is overwritten, a new version is created, retaining the previous versions.

With SEP sesam you can perform recovery:

The object recovery is performed using CLI.

Note
You must have SEP sesam administrator privileges to run SEP sesam CLI commands and use the command prompt as an administrator. All commands are run from the <SESAM_ROOT>/bin/sesam/ directory. If you want to execute SEP sesam commands globally (and not from the actual run directory), set the SEP sesam profile as described in What happens when I set a profile?.

Object version recovery

To recover data objects to the last not deleted version, you need the name of the .ini file, which contains the data store configuration. The name of the .ini file is derived from the data store name data_stores.name (si3sesamlock) and the drive number for that data_store, for example, si3sesamlock_2.ini.

To obtain the .ini file name and the drive number, use the sm_main start sds command.

Result:

2022-10-19 14:30:32: Found SDS configuration file: "/var/opt/sesam/var/ini/stpd_conf/si3sesamlock_2.ini"

To perform recovery, in CLI execute the following command:

sm_java -Ddrive_num=<drive_number> sds2 recover

where you replace <drive_number> with the actual drive number.

Point-in-time recovery

To recover data objects to a certain point in time, decide the date and time of the restore point and convert it to Unix time (you can use an online converter, for example: EpochConverter).

To perform a point-in-time recovery, in CLI execute the following command:

sm_java -Ddrive_num=<drive_number> sds2 recover <Unix_time>

where you replace the variables:

  • <drive_number> with the actual drive number
  • <Unix_time> with the required time in Unix time


See also

Audit LoggingRansomware Protection Best PracticesAbout Authentication and AuthorizationBackup Strategy Best Practices

Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.