hello welcome to this video where we will examine how cloud backup data lock and ransomware support Works what is data lock and ransomware protection feature protection against ransomware attacks and unauthorized deletions have become one of the highest priority requirements among customers cloud backup now provides the option to set data lock and ransomware scan feature on cloud backups this feature provides a mechanism to lock snapshots replicated to the cloud Object Store the ability to detect ransomware attack and recover consistent copy of the cloud snapshot the solution uses both snaper to cloud and active data connector technology to achieve the above functionality currently the feature is supported only for storage grid and AWS now let's try to understandthe scope of this feature data lock and ransomware protection is supported onPrem ontap clusters and Cloud volumes ontap on versions 9.1.1 and above it currently supports AWS S3 Object Store and storage grid will be supported in September 2022 Azure and gcp Object Store will be supported by December 2022 it's currently available on cloud manager SAS and Cloud manager dark site deploymentplease note that this feature is applicable only for new activations there is no interoperability with archival policy and this feature scans only Cloud backups it does not support scanning local snapshots for ransomware attack we will now look how to enable data lock and ransomware protection make sure that data lock and ransomware protection is set while enabling cloud backup service on the working environmentsplease note if you miss setting the data lock and ransomware protection while enabling cloud backup service on the working environment you will not be able to enable it thereafter so where exactly can you enable this feature enabling this feature happens under the Define policy screen in the activate backup for working environment visard to activate the cloud backup service select the workingenvironment click on enable button on the backup and restore tab given the appropriate provider settings and click on next in the next page of the wizard let's define the policy given a policy name or choose the defaultname in the label and retention section please make sure to select the label and retention carefully for the policy as it determines the snapshot retention period is calculated as per the label and theretention count defined by the user in the policy please note that the minimum snapshot retention period that will be assigned would be 30 days now let's take an example if a user chooses daily label with retention count as 20 then the snapshot detention period is calculated as 20 days but it defaults to 30 days as it's the minimum now if the user chooses monthly label with intention count as three then the snapshot retention period is calculated as 90 days now let's try to understand how the retention until date which is stamed on the cloud object is computed it is computed based on the snapshot retention period recorded in the metadata of the object the retention under date is calculated by summing up the snapshot retention period and the buffer which is set as 14 days once you've chosen the labels and retention appropriately let's go ahead and enable data lock and rware protection choose the appropriate mode governance or compliance please Note data lock protection mode when set to governance or compliance cannot be changed after the policy is created also disabling and modifying data lock and rans protection feature is not possible when you enable the data lock Lo and ransomware protection feature the archival policy will be disabled this is because the interoperability is not supported go ahead and click on next now in the select volumes tab go ahead and choose the required volumes once the volumes are chosen click on activate backup once it's completed cloud backup service will be enabled on the working environment along with the data lock and ransomware protection feature let's try to understand how data lock feature works the snapshot retention period is set as per the label and retention count we set in the cloud backup policy the retention until date is computed based on the snapshot retention period recorded in the metadata of the object while transferring using snap miror to Cloud now Cloud backup uses the snapshot list rest API in the active data connector to determine all the snapshots that are not yet logged based on the snap mirror policy for each of the snapshots cloud backup uses the active data connector to stamp the retention until date in all the objects belonging to the snapshot this guarantees that snapshot is locked until the retention until date expires now let's try to understand how the ransomware protection works ransomware detection scans are run on each protected backup copy in the following scenarios a schedule task runs the scan once on the object it runs once again before the restore operation but this is optional and also on demand if it is required by the user how does the scan work before the ransomware scans are initiated cloud backup checks if the snapshot is stamped cloud backup uses the active data connector Integrity Checker rest API to initiate the scan this API triggers a ransomware scan on the cloud backup objects on the cloud Object Store by verifying the check sum of the different backup object versions based on the result of the scan cloud backup initiates the recovery process now let's try to understand the recoveryprocess when a ransomware attack is detected cloud backup uses the active data connector Integrity check arrest API to start the recovery process in the event of a ransomware attack the ransomware tries to overwrite or delete the object in the bucket when the ransomware tries to override the object a new version is created when the scan is done check Sims are computed for both the object versions and compared if the check Sims are inconsistent there is a potential ransomware detected for the recovery process it will revert to the last known good copy and a version three will be created which is an exact duplicate of versionone let's look at a quick demo to see the ransomware scan status let's go to the backup dashboard page choose a volume and click on backup details in this UI a new column named ransomware scan hasbeen introduced you can see that the backups have been protected the ransomware scan has run on these Cloud objects as a part of the scheduleruns you can do an OnDemand ransomware scan on the backups by selecting the backup and choosing ransomware scan if there is a ransomware attack detected it will be notified under the notificationpanel you can get the notification panel Chanel by clicking on the Bell icon on the top right hand corner of the UI the notification will inform us that a potential ransomware attack has been identified on the backup copy with a particular name on the particular volume and Cloud backup automatically has reverted to the last known good version of the backup copy ransomware attack will also be notified in the backups detailed page if the ransomware scan has failed for any of the backups it will notify you that there is a potential ransomware attack and Cloud backup has automatically reverted to the last known good version of the backup copy now let's examine how the ransomware scan process happens during a restore process let's go to the restore dashboard and click on restore volumes here go ahead and choose the appropriate volume and click on the snapshot that you would like to restore in the select backup window a new ransomware scan column has been added which shows a scan status when you click on next a ransomware scan UI will open up with the details of the ransomware scan it'll also give you a recommendation to go ahead and scan before restoring