File Retention Management

The share file retention policy provides a facility for data governance, legal holds, and compliance records retention. Both data governance and regulatory compliance can be used to help protect against cyber and ransomware attacks.

  • Data Governance - Data governance locks datasets (snapshots, objects or files) for a period of time, thus protecting the data from deletion. You might need to protect certain datasets as part of internal business process requirements or to protect datasets as part of your cyber-protection strategy. Data governance allows privileged users to adjust the retention strategy.

    File retention data governance is implemented by creating a new project and filesystem with the "privileged" file retention policy. Privileged mode allows you to create a default retention setting for all new files, and to change that setting in the future to a shorter or longer duration. Files inherit the retention setting in effect when they are created. Retention can also be adjusted manually to a longer duration by changing the unlock timestamp. Projects and filesystems cannot be deleted when they have locked files.

  • Legal Holds - A legal hold preserves certain business data in response to potential or ongoing lawsuits. A legal hold does not have a defined retention period, and it remains in effect until removed. Once the legal hold is removed, all protected data is immediately eligible for deletion unless other retention rules still apply.

    File retention legal holds on files are implemented by manually increasing the retention period on individual files, or by setting a hold for individual files so that their expiry date extends indefinitely. Because a legal hold may be required for an indefinite period of time, it is recommended to periodically extend manual retention. Holds on files never expire; the hold must be explicitly turned off. These two methods allow file retention to expire after the need for the legal hold has passed.

  • Regulatory Compliance - Your industry might require you to retain a certain class of data for a defined length of time. Your data retention regulations might also require that you lock the retention settings. Regulatory compliance only allows you to increase the retention time, if at all. Regulatory compliance is the most restrictive locking strategy, and it often does not allow anyone, even an administrator, to make changes affecting retention.

    File retention regulatory compliance is implemented by creating a new project and filesystem with the "mandatory (no override)" file retention policy. Mandatory mode does not allow you to decrease the file retention duration. However, retention can be adjusted manually to a longer duration by changing the unlock timestamp. Regulatory compliance uses the same mechanisms as data governance, but it is much more restrictive. The project and filesystem cannot be deleted when locked files exist, and the storage pool cannot be unconfigured when locked files exist within the pool. This mode also requires the use of an NTP server, and the root user is locked out of remote access.

File retention completes the trio of retention products for Oracle ZFS Storage Appliance: file retention, snapshot retention, and object storage retention.

When the file retention policy is enabled, files become retained when set to read-only. Each file has a retained-until-expiration timestamp. This expiration date is either explicitly set or calculated based on the retention policy set on the share. When automatic retention is enabled, a file that has not been modified for the grace period is automatically retained at the default period value. Automatically retained files can have a longer retained-until-expiration date by manually setting the value.

A retained file cannot be modified, even after its expiration; this includes its name and attributes. When the expiration date has been reached, retained files can be deleted, but not modified. A retained file's expiration date can be lengthened, but never shortened.

File retention is set at share creation, and it can be set to off (default), privileged, or mandatory. After setting privileged or mandatory file retention, you define the retention periods: minimum, maximum, default, and optional grace period.
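
The retention rules described above, modelled as an added example (not Oracle's code and not the appliance's interface). The class and method names are hypothetical, and it assumes a policy-derived expiry is counted from the moment the file becomes retained; minimum and maximum periods are left out because this page does not say how they are enforced.

```python
from dataclasses import dataclass
from typing import Optional

class RetentionError(Exception):
    """An operation that the retention rules on this page forbid."""

@dataclass
class Policy:
    mode: str                    # "privileged" or "mandatory"
    default: int                 # default retention period, in seconds
    grace: Optional[int] = None  # optional grace period; None = no automatic retention

    def set_default(self, seconds: int) -> None:
        # Privileged mode may go shorter or longer; mandatory may never decrease.
        if self.mode == "mandatory" and seconds < self.default:
            raise RetentionError("mandatory policy cannot shorten retention")
        self.default = seconds

@dataclass
class RetainedFile:
    mtime: int                            # last modification time (epoch seconds)
    retained_until: Optional[int] = None  # None = not yet retained
    hold: bool = False                    # a hold never expires; it must be turned off

    def set_readonly(self, policy: Policy, now: int, until: Optional[int] = None) -> None:
        # Retention starts when the file is set read-only. The expiry is explicit
        # or derived from the share default (assumption: counted from `now`).
        if self.retained_until is None:
            self.retained_until = until if until is not None else now + policy.default

    def auto_retain(self, policy: Policy, now: int) -> None:
        # Automatic retention: the file was not modified for the whole grace period.
        if policy.grace is not None and now - self.mtime >= policy.grace:
            self.set_readonly(policy, now)

    def extend(self, until: int) -> None:
        # The expiry of a retained file can be lengthened, never shortened.
        if self.retained_until is None or until < self.retained_until:
            raise RetentionError("expiry can only move later on a retained file")
        self.retained_until = until

    def can_modify(self) -> bool:
        # Retained files stay immutable even after their expiry has passed.
        return self.retained_until is None

    def can_delete(self, now: int) -> bool:
        if self.hold:
            return False
        return self.retained_until is None or now >= self.retained_until
```

In this model a file stays modifiable until the grace period has elapsed, so the grace period is the window in which automatic retention does not yet protect it.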

This section contains the following topics: