New capabilities

This feature offers users a way to create WORM-compliant vaults. Infinity Storage can make a SEC WORM-compliant storage solution when used with local disks.

Locked Vault enables storage vaults to be created and registered under the exclusive control of the Infinity Storage Gateway. IBM Cloud Object Storage System™ stores records that are received from the Infinity Storage Gateway. The Infinity Gateway authenticates to the Manager exclusively by using an RSA private key and certificate that was created for access to a Locked Vault and registered only with the Infinity Gateway. If a key is compromised, the Infinity Gateway rotates keys by calling the Rotate Client Key Manager REST API. This API replaces the existing key and revoke the old certificates.

A locked vault with data cannot be deleted by the Administrator and its Access Control Lists (ACLs) cannot be changed. Additionally, it cannot be renamed or have a proxy setting enabled. In addition to locked vaults, private users are also allowed to create regular vaults.

Infinity Storage manages record files in "Volumes.” To be compliant with the Rule, all Volumes must be designated as compliance WORM and have a designated retention period. When created, all record files that are written to the WORM Volume by the broker/dealer application (via NFS, CIFS or S3) cannot be deleted or altered until the retention period expires.

Infinity Storage prevents all attempts to modify or delete a record file until its designated retention period expires. The protection is at the file system kernel level and ensures that all I/O system calls are under its exclusive control.

All record files that are stored in WORM Volumes must be assigned a retention period that is designated as time-based, event-based, or both. Infinity Gateway enforces the retention period and protects the files from modification or deletion until the retention period expires.

In addition to locked vaults, the user is also allowed to create locked mirrors. The Vault Mirroring capability creates a duplicate copy at the time the record file is written. Infinity writes each record file to one volume, and IBM Cloud Object Storage System™ creates the mirror across two pools of storage.