Configuring Wasabi cloud storage repository and enabling immutability

Wasabi is a cloud storage solution offering secure and scalable object storage. Similar to other cloud storage services, Wasabi utilizes buckets to organize your data. These buckets act like folders, allowing you to group and manage your files efficiently. Wasabi uses standard S3-compatible APIs to ensure compatibility with various backup and recovery software.

One of the key features of Wasabi is its ability to enforce immutability on stored data. This means files cannot be accidentally deleted or modified for a predefined period, safeguarding them from ransomware attacks and human error. Wasabi offers two ways to achieve immutability: Compliance and Object Lock.

• Compliance: Prevents the deletion of any objects and provides additional information to prove that the original data has not been modified since the time it was stored. Compliance is a bucket-level setting and can be enabled at any time, even after the creation of the object.
• Object Lock: Prohibits modification, overwriting, or deletion of specific object versions during a configured retention period. Object Lock is an object-level setting and must be enabled during bucket creation.

Understanding retention period in Wasabi and RecoveryManager Plus

When Object Lock is enabled, backup files written to the Wasabi buckets can be configured with a retention period. Setting clear retention policies is essential when enabling immutability, as it cannot be modified once the immutability period starts. There are two modes to define a retention period:

• Governance mode: Allows privileged users with specific permissions to delete objects before the retention period ends, offering flexibility for administrative oversight.
• Compliance mode: Ensures no one, including administrators, can delete or modify objects until the retention period expires, providing maximum protection against data tampering and is ideal for regulatory compliance.

For example, if a retention period is set to six months in RecoveryManager Plus and the backup immutability period is set to one year in Wasabi, backups stored in Wasabi are protected for one year based on the immutability period set. After six months (the retention period set in RecoveryManager Plus), the product will attempt to delete backups that are older than six months. However, because of the one-year immutability set on the repository, Wasabi will not process any deletion requests until the one-year time period has elapsed.

To avoid data being deleted earlier than intended or stored longer than necessary, ensure that the retention period configured in both RecoveryManager Plus and Wasabi is the same.

Creating a bucket in Wasabi and enabling immutability

Prerequisites:

• To enable immutability, you must create and have an active Wasabi bucket.
• The Object Lock has to be enabled on buckets during creation. You cannot enable immutability to already existing repositories.

To create a bucket and enable immutability, follow the steps listed below:

1. Log in to the Wasabi Console.
2. Click Buckets from the left pane under the Data Access section.
3. Click Create Bucket.
4. Configure the bucket settings:
   • In the Select Bucket Name field, provide a unique name for the bucket.
   • From the Select Region drop-down, select the region where you want to store your data.
   • From the Quick Setup (optional) field, select an existing bucket to copy the settings from it and click Next.
   • Toggle the Bucket Versioning and Object Lock buttons and click Next.
     Note: To activate Object Lock, Bucket Versioning must be enabled.
   • Enable Bucket Logging to create a text log file that records all access events for this bucket and stores it in the designated bucket. Provide a Logging Prefix and Target Bucket and click Next.
   • Enable Object Replication to create a replication job immediately after creating this bucket to copy objects from an active source storage bucket (source) to one or more destination buckets and click Next.
   • Apply tags to the bucket if desired and click Next.
   • Review the entered details and click Create Bucket to complete the bucket creation process.

To modify the retention policy in Wasabi, follow the steps listed below:

1. Log in to the Wasabi Console.
2. Click Buckets from the left pane under the Data Access section.
3. Search for the bucket name in the search bar and click the icon in the bucket.
4. Select Object Lock and enable Default Object retention.
5. Select either governance or compliance mode.
   Note: To override or remove governance mode retention settings, you must have the s3:BypassGovernanceRetention permission.
6. In the Retention Time field, set the desired retention period.
7. Click Apply and type CONFIRM to complete the process.

Adding Wasabi as a repository in RecoveryManager Plus

To add Wasabi storage as a repository:

1. Navigate to Admin tab > Administration > Backup Repository > Cloud.
2. Click the Add Repository button in the top-right corner.
3. Select Wasabi from the Repository Type drop-down.
4. Enter a name in the Repository Name field.
5. Enter the Access Key and Secret Access Key. To learn how to find your Wasabi Access Key and Secret Access Key, click here.
6. Enter the Bucket Name.
   Note: Metadata of the Microsoft 365, on-premises Exchange, Google Workspace, and Zoho WorkDrive backups will be stored in the default Elasticsearch node.
7. Click Save.

The integration of Wasabi with RecoveryManager Plus, along with the immutability feature through Object Lock, enhances your data protection strategy by preventing accidental or unauthorized modifications to critical backups.

Finding your Access Key and Secret Access Key in Wasabi

1. Open the Wasabi Console in your web browser.
2. Select Users under Users & Groups in the left pane.
3. Click Create User to create a new user.
4. Enter a name for the user in the Create a Username field.
5. In the Type of Access field, check the Programmatic (create API keys) box.
6. Leave the Multi-Factor Authentication (MFA) box unchecked and click Next.
7. Assign the user to a group if needed and click Next.
8. Click the Attach Policy to User, select WasabiFullAccess and click Next.
9. Review the entered details and click Create User.
10. Copy the Access Key and Secret Key from the pop-up that appears to configure your Wasabi storage account in RecoveryManager Plus.