5 1 0:Recovery of Si3 Deduplication Store with Object Lock
Overview
|
Visit SEP sesam YouTube Channel for latest videos and webinars. |
|
Check FAQ to find the answers to most common questions. |
|
Problems? See the Troubleshooting Guide. |
|
If you are using an older SEP sesam version, refer to Documentation archive. |
To further increase resistance to evolving ransomware attacks, immutable storage is a very effective defense. The Si3 Deduplication Store with Object Lock enables disaster recovery of data objects in a bucket. Because data objects in a bucket with Object Lock function are versioned, every version of every object in the bucket is preserved. Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. If an object is deleted, the data object is not removed permanently, instead the version is marked as deleted. Similarly when an object is overwritten, a new version is created, retaining the previous versions.
With SEP sesam you can perform recovery:
- to the last not deleted version
- to a specific point in time
The object recovery is performed using CLI.
|
Note |
You must have SEP sesam administrator privileges to run SEP sesam CLI commands and use the command prompt as an administrator. All commands are run from the <SESAM_ROOT>/bin/sesam/ directory. If you want to execute SEP sesam commands globally (and not from the actual run directory), set the SEP sesam profile as described in What happens when I set a profile?.
|
Object version recovery
To recover data objects to the last not deleted version, you need the name of the .ini file, which contains the data store configuration. The name of the .ini file is derived from the data store name data_stores.name (si3sesamlock) and the drive number for that data_store, for example, si3sesamlock_2.ini.
|
|
Note |
| Object version recovery cannot be performed while the sds service is running. |
- Before starting the recovery, stop the SDS service using the command sm_main stop sds. This command outputs the name of the .ini file and the associated drive number, and safely stops the SDS service:
/opt/sesam/bin/sesam/sm_main stop sds
Result:
2022-10-19 14:30:32: Found SDS configuration file: "/var/opt/sesam/var/ini/stpd_conf/si3sesamlock_2.ini"
- To perform recovery, in CLI execute the following command:
sm_java -Ddrive_num=<drive_number> sds2 recover
Replace <drive_number> with the actual drive number. - After the successful recovery, restart the SDS service by running the following command:
/opt/sesam/bin/sesam/sm_main start sds
Point-in-time recovery
To recover data objects to a certain point in time, decide the date and time of the restore point and convert it to Unix time (you can use an online converter, for example: EpochConverter).
To perform a point-in-time recovery, in CLI execute the following command:
sm_java -Ddrive_num=<drive_number> sds2 recover <Unix_time>
where you replace the variables:
- <drive_number> with the actual drive number
- <Unix_time> with the required time in Unix time
See also
Audit Logging – Ransomware Protection Best Practices – About Authentication and Authorization – Backup Strategy Best Practices