Snapshot policies

A snapshot policy is a set of rules that controls the creation and expiration of snapshots.

A snapshot policy has the following properties:
Backup interval
The length of time interval between snapshot backups. The minimum value is 60 minutes.
Retention period
The length of time which snapshots are retained. The maximum length is 365 days.

With snapshot policies, administrators can schedule the creation of snapshots for volumes in a volume group at specific intervals and retain based on their security and recovery point objectives (RPO).

A snapshot policy can be assigned to one or more volume groups, whereas a volume group can only have one snapshot policy. When assigning a snapshot policy to a volume group, you can specify that the snapshots are safeguarded.

The snapshot policy configures the internal scheduler, which creates and deletes snapshots. The system provides predefined polices that contain specific retention and frequency values for common use-cases. The system also allows creation of the user-defined policies.

The following predefined policies are supported and can be used:
  • A policy for frequent snapshot creation and shortest retention. With this policy, snapshots are created every six hours and retained for one week. Use this policy for volume data that requires the highest recovery point objective (RPO). This policy is intended for data that is frequently updated and business‑critical. Examples include customer account data, order data, or other proprietary information. For more information about RPO requirements, refer to your organization’s business continuity plan.
  • A policy for less frequent snapshot creation with medium retention. With this policy, snapshots are created weekly and retained for one month. Use this policy for application data that is updated frequently and requires a high RPO, but does not contain business‑critical data.
  • A policy for less frequent snapshot creation with long retention. With this policy, snapshots are created monthly and retained for one year. Use this policy for data that is not updated frequently but must be retained, such as historical customer data or employee records.
  • A policy for cloud snapshots only. With this policy, cloud snapshots are created daily and retained for one month. Use this policy to store snapshots of volumes in cloud storage.
  • A hybrid policy can be used to create schedules for local snapshots and cloud snapshots. With this policy, local snapshots are created every six hours and retained for one week. Cloud snapshots are created daily and retained for one month. Use this policy for volume data that requires the highest RPO and for storing snapshots of volumes in cloud storage.
Note: Snapshots can also be added and managed with external schedulers like IBM Copy Services Manager.

Managing snapshot policies

An administrator or security administrator can create, define, and assign a snapshot policy to a volume group.

Assigning snapshot policies

Policies can be created and assigned to volume groups from the Policies > Snapshot policies tab of the management GUI.

If the backup start time is in the past, it will be advanced according to the backup interval until a time in the future is reached. A monthly scheduled snapshot creates snapshot on the same day of each month for days 1-28 based on the start time. If the scheduled day is not available in that month, the last day of the month is considered.

Note: For example, if snapshot policy is specified for every month and the start date is 31 May, the next snapshot date would be 30 June, followed by 31 August. Daylight savings do not affect the backup and retention intervals that are specified by the schedule. For example, if snapshots are triggered daily and occur every day at 2:00 AM before daylight savings start, they are created at 1:00 AM when daylight savings pushes the time ahead by an hour. The backup interval remains constant at 24 hours in this example.
Note: If you change the system time or timezone (for example, when moving domain controllers or correcting time settings) after a schedule has been set up, the change will not affect these schedules. They are based on an internal tick-driven time delta, not the actual clock time delta.
The command-line interface provides the following command to assign snapshot policies:
  • mksnapshotpolicy creates a snapshot policy.
  • mkvolumegroup assigns a snapshot policy to a volume group at the time of creation.
  • chvolumegroup changes or assigns the snapshot policies on an existing volume group.

If you assign a policy to a volume group that already has a policy associated with it, the newly assigned policy replaces the existing policy.

When a snapshot policy is added to a volume group, you can specify the schedule to create a safeguarded snapshot. For example, chvolumegroup -snapshotpolicy 0 -safeguarded MyGrp.

Deleting snapshot policies

Use the rmsnapshotpolicy command in the command-line interface to delete the user-defined snapshot policies.

The predefined policies cannot be deleted.

Security administration privileges are required to delete policies that are associated with volume groups.

Changing snapshot policies

Use the chsnapshotpolicy command in the command-line interface to change the name of the user-defined snapshot policy. The name can also be changed from the Policies > Snapshot policies tab in the management GUI.

Suspending snapshot policies

If the source volumes are compromised during a cyberattack or during a disaster recovery scenario, any snapshot taken during an attack can contain malicious data or software. The system supports suspending snapshot policies until the compromised data can be determined. This can be done at a volume group level by using the Volumes > Volume groups panel on the GUI, or the chvolumegroupsnapshotpolicy command.

Alternatively, all snapshot policies on the system can be suspended using the chsystem command. Snapshots can be used for cloning or restoring while any snapshot policies are suspended.