- Community Home
- >
- Storage
- >
- Midrange and Enterprise Storage
- >
- HPE 3PAR StoreServ Storage
- >
- 3Par Snapshot behaviour if primary volume is encry...
-
-
Forums
- Products
- Servers and Operating Systems
- Storage
- Software
- Services
- HPE GreenLake
- Company
- Events
- Webinars
- Partner Solutions and Certifications
- Local Language
- China - 简体中文
- Japan - 日本語
- Korea - 한국어
- Taiwan - 繁體中文
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Latin America
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Blog, Poland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-26-2021 05:49 AM
05-26-2021 05:49 AM
Hi,
We have an HPE 3Par, and use Virtual copy snapshots as a part of the backup.
Our audit team raised the issue of what happens when the primary volume is encrypted with Ransomware, and how would this affect the snapshots and array capacity?
Any input would be appreciated.
Kind regards
Andrew Rycroft
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-26-2021 06:53 AM
05-26-2021 06:53 AM
SolutionHi Andrew,
Short version: The snapshots will grow and consume some of your free pool.
Long version: Everything's virtual. Between the logical volume and the physical disks are pointers to pointers to pointers to ... You get the idea. When a snapshot is made, the virtual volume's pointer block is duplicated. At least for an instant, both the parent volume and the snapshot point to the same physical disk locations; one LUN block, two virtual volume pointers.
From that point on, if both virtual volumes' (parent and snapshot) point to the same physical data, then a free block is allocated, the parent pointers are updated to point to the free block and the data is written. The snapshot still points to the parent's pre-snap logical block.
Two logical blocks, two pointers. As they are now pointing to separate blocks of data, any subsequent changes to the parent logical block have no effect on the snapshot logical block.
As more and more of the parent volume is changed, the snapshot will grow holding all the pre-snapshot data.
You may want to search for the white paper, HPE 3PAR Virtual Copy -- 4AA6-4486ENW
Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-26-2021 02:29 PM - edited 05-26-2021 02:34 PM
05-26-2021 02:29 PM - edited 05-26-2021 02:34 PM
Re: 3Par Snapshot behaviour if primary volume is encrypted by Ransomware
Lastly: Having thought about it, I went to the 3PAR bible ("HPE 3PAR Command Line Interface Reference"). The "setvv" command has a couple policy options:
- stale_ss—Specifies that invalid snapshot volumes are permitted. Failure to update snapshot data does not affect the write to the base volume, but the snapshot is considered invalid.
- no_stale_ss—Specifies that invalid snapshot volumes are not permitted. Failure to update a snapshot is considered a failure to write to the base volume.
The default is "stale_ss". And if I wanted snapshots to protect against a base volume getting corrupted by ransomware, I think you want them set to "no_stale_ss" -- Fail to write to the base volume rather than consider the snapshot invalid.
And you may want to set the Retention Date on the snapshots so someone can't get in to the 3PAR and delete the snapshots.. 2 or 3 days? a week? Long enough to see things have gone to hell and you still have valid snapshots.
You have hardened the password for 3paradm, haven't you? 8^)
Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2022 Hewlett Packard Enterprise Development LP