SwiftStack Data Protection

SwiftStack Data Protection retains copies of deleted or overwritten objects in limited-access containers. To prevent unbounded cluster growth, these archive copies are kept for some configurable retention period.

SwiftStack Data Protection can be enabled on your SwiftStack cluster by contacting support. SwiftStack Data Protection can help meet compliance rules around where data is required to be retained for a period of time.

Note

SwiftStack Data Protection must first be enabled by contacting SwiftStack support .

SwiftStack Data Protection enables middleware to create versioned containers for every container on the system.

Each time an object is overwritten, the previous version is moved to the versioned container.

Each time an object is deleted, the object is moved to the versioned container and the object is deleted from the original container.

No one can delete from the versioned container. Admins and users with permissions can restore it by copying one of the objects (perhaps the most recent one) back to the original container.

Configuration Overview

Data Protection provides the following middleware to accomplish this capability:

  • Defaulter is a simple middleware that creates a "default" X-Versions-Container header.
  • Versioned Writes causes all writes to be versioned, including deletes. This is different from the Swift behavior to restore an older version upon delete
  • Data Protection prevents deleting anything in the versioned container. This also contains the config for the Defaulter middleware above.

Warning

If configuring SwiftStack Data Protection on an existing cluster, contact SwiftStack support to enable for existing data.

Important! If this container is currently using standard Swift object versioning, the Defaulter and Versioned Writes middleware will override any previously set X-Versions-Container headers.

SwiftStack Data Protection functionality is supported for clusters without SwiftStack File Access accounts.

If using SwiftStack 1space Lifecycle profiles, contact SwiftStack support.

For advanced configuration overview please see SwiftStack Data Protection Suite - Advanced Configuration.

Configure Data Protection Middleware

../../_images/data_protection_middleware.png
  • Update the auto_enable_prefix to a desired prefix e.g. ".versions-"
  • Update the owner_can_protect to "False"
  • Change default_versions_retention to whatever this cluster needs, eg, 7 years would be "364 weeks".

Configure Defaulter Middleware

../../_images/defaulter_middleware.png

Requires no configuration beyond "Enabled."

Configure Versioned Writes Middleware

../../_images/versioned_writes.png

Requires no configuration beyond "Enabled."

Save and Push Configuration

Submit all these changes and Deploy to cluster.

To test, create a container and upload data. Any overwritten or deleted data will be placed in a versioned container prefixed with ".versions-". Observe deletions are not allowed in the ".versions-" containers.

In the SwiftStack Client, in Settings / Application enable "Show hidden containers, and in folder view show hidden objects"

../../_images/swiftstack_client_show_hidden.png

Navigate to a ".versions-" container.

../../_images/swiftstack-client-version-container.png

Observe that any overwritten or deleted objects are unable to be deleted.

../../_images/swiftstack-client-version-objects.png