Archive data retention protection

Tivoli Storage Manager currently prevents the modification of data under Tivoli Storage Manager control and the deletion of archive objects by unauthorized agents, such as an individual or a program. This protection extends to preventing the deletion of data by any agent before the expiration of the retention period.

About this task

Protecting archive retention helps to ensure that no individual or program can maliciously or accidentally delete data that is under Tivoli Storage Manager control. An archive object that is sent to an archive retention protection server is protected from accidental deletes and has an enforced retention period. Archive retention protection has the following restrictions:
  • Only archive operations are allowed on a retention protection server.
  • Any object that is not bound explicitly to a management class through a value in the dsmBindMc function call or through include-exclude statements is bound to the explicit name of the default management class. For example, if the default management class in the node policy is MC1, the object is bound explicitly to MC1 rather than to DEFAULT. On a query response, the object displays as bound to MC1.
  • After you enable archive data retention protection, any attempt to delete an object before the retention period expires returns the code DSM_RC_ABORT_DELETE_NOT_ALLOWED on the end transaction.
See the appropriate Tivoli Storage Manager server Administrator's Reference for setting retention protection for an archive object.

Procedure

To set up archive data retention protection, complete the following steps:

  1. On a new server installation with no previous data, run the SET ARCHIVERETENTIONPROTECTION ON command.
  2. In the API option string on the dsmInit or dsmInitEx function calls, enter the following instruction: 
      -ENABLEARCHIVERETENTIONPROTECTION=yes
    You can also set the enablearchiveretentionprotection option in your dsm.opt file on systems other than UNIX, or in your dsm.sys file on UNIX systems: 
    SERVERNAME srvr1.ret
   TCPPORT                          1500
   TCPSERVERADDRESS                 node.domain.company.com
   COMMMETHOD                       TCPIP
   ENABLEARCHIVERETENTIONPROTECTION YES
    For more information about this option, see The enablearchiveretentionprotection option.
  3. Issue a query to the server to confirm that the Tivoli Storage Manager server is enabled for archive retention protection. Check the value of the archiveRetentionProtection field in the dsmQuerySessInfo structure.