Working Principle
This section introduces concepts related to the WORM feature and describes the working principle.
Concepts
- WORM compliance clock
To prevent users from changing protection periods of files by changing the system time, storage systems maintain a compliance clock. The WORM compliance clock includes a global security compliance clock and a WORM file system compliance clock.
| Clock Type | Function | Description |
|---|---|---|
| Global security compliance clock | The storage system maintains a global security compliance clock that serves as the clock source for all WORM file systems. | Before creating a WORM file system for the first time, the system administrator must initialize the global security compliance clock. The time of the global security compliance clock cannot be changed after initialization. For details about how to initialize the global security compliance clock, see Initializing the WORM Compliance Clock. |
| WORM file system compliance clock | Each WORM file system maintains a compliance clock. The protection periods of files are based on this compliance clock. | The system automatically uses the global security compliance clock to initialize the WORM file system compliance clock when a WORM file system is created. You do not need to manually initialize the WORM file system compliance clock. |

The WORM file system compliance clock is calibrated against the global security compliance clock every hour. The calibration rules are as follows:
- If the time of the WORM file system compliance clock is ahead of that of the global security compliance clock, the WORM file system compliance clock is set to the time of the global security compliance clock.
- If the time of the WORM file system compliance clock is behind that of the global security compliance clock by at most 138 seconds, the WORM file system compliance clock is set to the time of the global security compliance clock. If it is behind by more than 138 seconds, 138 seconds are added to the WORM file system compliance clock.
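The calibration rule above, modelled as an added Python example (this is not code from the product documentation or from the vendor). The 138-second bound comes from the text; the function names, the epoch-second clock representation and the hourly simulation are assumptions. The simulation makes the property a defender cares about visible: a file system clock that has fallen behind closes the gap by only 138 seconds per hour, and a calibration never moves the file system clock ahead of the global clock, so a retention expiry cannot be reached early through the file system clock.

```python
# Added example (not from the product documentation): models the hourly
# calibration of a WORM file system compliance clock against the global
# security compliance clock. Clock values are epoch seconds (assumption);
# the function names are assumptions; the 138-second bound is from the text.

MAX_CATCH_UP_SECONDS = 138
SECONDS_PER_HOUR = 3600


def calibrate_fs_clock(fs_clock: int, global_clock: int) -> int:
    """Return the WORM file system compliance clock after one calibration."""
    if fs_clock > global_clock:
        # Rule 1: the file system clock is ahead; pull it back to the global clock.
        return global_clock
    lag = global_clock - fs_clock
    if lag <= MAX_CATCH_UP_SECONDS:
        # Rule 2a: behind by at most 138 seconds; snap to the global clock.
        return global_clock
    # Rule 2b: behind by more than 138 seconds; catch up by 138 seconds only.
    return fs_clock + MAX_CATCH_UP_SECONDS


def hours_to_converge(initial_lag: int) -> int:
    """Simulate hourly calibrations until the two clocks agree.

    Both clocks advance in real time between calibrations, so a lagging
    file system clock closes the gap by only 138 seconds per hour.
    A negative initial_lag means the file system clock started ahead.
    """
    fs_clock = 0
    global_clock = initial_lag
    hours = 0
    while fs_clock != global_clock:
        fs_clock += SECONDS_PER_HOUR
        global_clock += SECONDS_PER_HOUR
        fs_clock = calibrate_fs_clock(fs_clock, global_clock)
        hours += 1
    return hours


if __name__ == "__main__":
    print(calibrate_fs_clock(5000, 4000))   # ahead by 1000 s -> 4000
    print(calibrate_fs_clock(4000, 4100))   # behind by 100 s  -> 4100
    print(calibrate_fs_clock(4000, 5000))   # behind by 1000 s -> 4138
    print(hours_to_converge(1000))          # 8 hourly calibrations
```

A lag of 1000 seconds takes eight calibrations to clear: seven steps of 138 seconds bring the lag down to 34 seconds, and the eighth snaps the clock to the global value.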
- File states
There are four file states in a WORM file system, as described in Table 1-4.
| State | Description |
|---|---|
| Initial | All newly created files are in the initial state. Files in the initial state can be read, written, and modified by all users. |
| Locked | Files in the locked state cannot be modified, deleted, or renamed by any user. These files can only be read, and their properties can be viewed. |
| Expired | Files in the expired state can be read and deleted, and their properties can be viewed. However, these files cannot be modified or renamed. |
| Appending | Data can be added to the end of files in the appending state, but these files cannot be deleted, truncated, or renamed. |
- File signature
The signature is used to verify file integrity. The file signature in a WORM file system is the file fingerprint that is automatically calculated when the file enters the protection state. For example, if a disk of a WORM file system malfunctions, you can verify file signatures after the disk is recovered to confirm that files in the WORM file system are not damaged. For details about the operations, see Verifying the Signature of a WORM File.
- WORM properties of a file system
After the WORM feature is configured for a file system, the file system has the WORM properties. The WORM properties apply to files in the WORM file system. You can view the WORM properties to determine the lock time and overdue time of a file. Table 1-5 lists WORM properties of a file system.
| Property | Description |
|---|---|
| Mode | Both WORM-C and WORM-E are supported. |
| Min. Retention | Minimum retention period supported by the WORM file system. The retention period of a file in the WORM file system cannot be shorter than this value. |
| Max. Retention | Maximum retention period supported by the WORM file system. The retention period of a file in the WORM file system cannot be longer than this value. |
| Default Retention | Default retention period of the WORM file system. If you do not set a retention period for a file in the WORM file system, the file uses this value. |
| Automatic Lock | After the automatic lock function is enabled, files in the WORM file system automatically enter the locked state a specified period of time after data or metadata in the files is modified. |
| Lockout Wait Time (hours) | How long after being modified files enter the locked state by default. This parameter is valid only when Automatic Lock is enabled. |
| Automatically Delete | After this function is enabled, the storage system automatically deletes expired files. NOTE: Before enabling this function, ensure that the files no longer need protection and can be automatically deleted by the system after they expire. |
- Approaches to sending files to the locked state
Locked files are protected and can only be read. They cannot be modified, deleted, or renamed. You can use two approaches to make files in a WORM file system enter the locked state.
- Automatic submission for protection
Files in a WORM file system automatically enter the locked state a specified period of time (Lockout Wait Time (hours)) after the files are modified.
- Manual submission for protection
Manually remove the write permission of files in a WORM file system or set the files to read-only; the files then enter the locked state immediately.
- Overdue time
Each file has the atime property, which indicates the time of the last access to the file. For a WORM file, however, atime indicates the time at which the file stops being protected by WORM. After a file enters the locked state, atime is no longer updated when the file is accessed. The value of atime is calculated differently in the following two scenarios:
- Automatic submission for protection
Regardless of whether you set the atime property: atime = Value of the WORM file system compliance clock after the file is modified + Lockout wait time + Default retention period
- Manual submission for protection
  - If no atime is set: atime = Current value of the WORM file system compliance clock + Default retention period
  - If atime is set but atime ≤ Current system clock: atime = Current value of the WORM file system compliance clock + Default retention period
  - If atime is set and Current system clock < atime ≤ Current value of the WORM file system compliance clock + Minimum retention period: atime = Current value of the WORM file system compliance clock + Minimum retention period
  - If atime is set and Current value of the WORM file system compliance clock + Minimum retention period ≤ atime ≤ Current value of the WORM file system compliance clock + Maximum retention period: atime = Value that you set
  - If atime is set and atime > Current value of the WORM file system compliance clock + Maximum retention period: atime = Current value of the WORM file system compliance clock + Maximum retention period
NOTE: On some Linux operating systems, an atime set with `touch -a -t time file` is regarded as invalid and is truncated by the system. Run `stat file` to check whether the stored atime matches the value you set; if it does not, the value was truncated. If you then run `chmod ugo-w file` to lock the file, atime = Current value of the WORM file system compliance clock + Default retention period.
A WORM file system also has the overdue time. The overdue time of the WORM file system is the time when all files in the WORM file system expire.
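The two atime scenarios above, carried through as an added Python example (not code from the product documentation or the vendor). All clock values and retention periods are seconds, and `WormPolicy`, the function names and the sample values are assumptions that mirror the WORM properties listed for a file system. The manual path compares the requested atime against the system clock first and against the compliance clock thereafter, exactly as the rules are stated, so a request that is already in the past or too short cannot produce a protection period below the minimum.

```python
# Added example (not from the product documentation): computes the overdue
# time (atime) of a WORM file under automatic and manual submission for
# protection. Times and retention periods are in seconds (assumption);
# WormPolicy and the function names are assumptions.
from dataclasses import dataclass
from typing import Optional

DAY = 86_400  # constructed unit for the sample values below


@dataclass(frozen=True)
class WormPolicy:
    min_retention: int      # Min. Retention
    max_retention: int      # Max. Retention
    default_retention: int  # Default Retention
    lockout_wait: int = 0   # Lockout Wait Time, used by automatic lock only

    def __post_init__(self) -> None:
        if not self.min_retention <= self.default_retention <= self.max_retention:
            raise ValueError("default retention must lie within [min, max]")


def overdue_time_auto(fs_clock_at_modification: int, policy: WormPolicy) -> int:
    """Automatic submission: any atime set by the user is ignored."""
    return fs_clock_at_modification + policy.lockout_wait + policy.default_retention


def overdue_time_manual(fs_clock: int, system_clock: int,
                        requested_atime: Optional[int], policy: WormPolicy) -> int:
    """Manual submission: clamp the requested atime to the retention window."""
    if requested_atime is None or requested_atime <= system_clock:
        # No atime, or an atime in the past relative to the system clock:
        # fall back to the default retention period.
        return fs_clock + policy.default_retention
    if requested_atime <= fs_clock + policy.min_retention:
        # Too short: raise to the minimum retention period.
        return fs_clock + policy.min_retention
    if requested_atime > fs_clock + policy.max_retention:
        # Too long: cap at the maximum retention period.
        return fs_clock + policy.max_retention
    # Within [min, max]: the requested value is honoured.
    return requested_atime


def is_expired(fs_clock: int, overdue_time: int) -> bool:
    """A locked file expires once the compliance clock reaches its overdue time."""
    return fs_clock >= overdue_time


if __name__ == "__main__":
    # Constructed sample: 1-day minimum, 10-day maximum, 3-day default, 1-hour wait.
    policy = WormPolicy(min_retention=DAY, max_retention=10 * DAY,
                        default_retention=3 * DAY, lockout_wait=3600)
    fs_clock = system_clock = 1_000_000
    print(overdue_time_auto(fs_clock, policy))                          # 1262800
    print(overdue_time_manual(fs_clock, system_clock, None, policy))    # 1259200
    print(overdue_time_manual(fs_clock, system_clock, 1_050_000, policy))  # 1086400
    print(overdue_time_manual(fs_clock, system_clock, 1_500_000, policy))  # 1500000
    print(overdue_time_manual(fs_clock, system_clock, 2_000_000, policy))  # 1864000
```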
Working Principle
With the WORM technology, data can be written to files once only and cannot be rewritten, modified, deleted, or renamed. If a common file system is protected by the WORM feature, files in the file system are read-only within the protection period. After a WORM file system is created, you need to map it to application servers using the NFS or CIFS protocol.
WORM shifts files in the WORM file system between the initial, locked, appending, and expired states, preventing important data from being accidentally or maliciously tampered with during a specified period. Figure 1-1 shows how a file shifts from one state to another.
- Initial to locked: You can shift a file from the initial state to the locked state using the following methods:
  - If the automatic lock mode is enabled, the file automatically enters the locked state a specified period after a change.
  - Manually set the file to the locked state. Before locking the file, you can specify a protection period for the file or use the default protection period.
- Locked to locked: In the locked state, you can manually extend the protection periods of files. Protection periods cannot be shortened.
- Locked to expired: After the WORM file system compliance clock reaches the file overdue time, files shift from the locked state to the expired state.
- Expired to locked: You can extend the protection periods of files to shift them from the expired state to the locked state.
- Locked to appending: You can remove the read-only permission of files to shift the files from the locked state to the appending state.
  - Only files of 0 bytes can shift from the locked state to the appending state.
  - Files in the appending state are protected. When the protection period expires, data can be added to the end of the files and the files can be deleted.
- Appending to locked: You can manually set files in the appending state to the locked state to ensure that the files cannot be modified.
- Expired to appending: You can manually set files in the expired state to the appending state.
  - Only files of 0 bytes can shift from the locked state to the appending state.
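The state transitions listed above and the per-state permissions from the file-state table, as an added Python model (not code from the product documentation or the vendor). Class and method names are assumptions; clock values are compliance-clock seconds (assumption). The model enforces the constraints a reviewer would check: protection periods may only grow, expiry is driven by the compliance clock rather than by the caller, and the 0-byte rule is applied to both entries into the appending state because the text repeats it under both.

```python
# Added example (not from the product documentation): a model of the WORM
# file state machine (initial, locked, appending, expired) with the
# per-state permissions from the file-state table. Names are assumptions.
from enum import Enum


class State(Enum):
    INITIAL = "initial"
    LOCKED = "locked"
    APPENDING = "appending"
    EXPIRED = "expired"


# Operations each state permits, following the file-state table.
ALLOWED = {
    State.INITIAL: {"read", "write", "truncate", "rename", "delete"},
    State.LOCKED: {"read"},
    State.EXPIRED: {"read", "delete"},
    State.APPENDING: {"read", "append"},
}


class WormError(Exception):
    """Raised when a transition or operation is not permitted in the current state."""


class WormFile:
    def __init__(self, size: int = 0) -> None:
        self.state = State.INITIAL
        self.size = size
        self.overdue_time = None  # compliance-clock value at which protection ends

    def allows(self, operation: str) -> bool:
        return operation in ALLOWED[self.state]

    def lock(self, fs_clock: int, retention: int) -> None:
        """Initial -> locked or appending -> locked, with a protection period."""
        if self.state not in (State.INITIAL, State.APPENDING):
            raise WormError(f"cannot lock from {self.state.value}")
        self.overdue_time = fs_clock + retention
        self.state = State.LOCKED

    def extend(self, new_overdue_time: int) -> None:
        """Locked -> locked or expired -> locked; the period may only grow."""
        if self.state not in (State.LOCKED, State.EXPIRED):
            raise WormError(f"cannot extend from {self.state.value}")
        if new_overdue_time <= self.overdue_time:
            raise WormError("protection periods cannot be shortened")
        self.overdue_time = new_overdue_time
        self.state = State.LOCKED

    def set_appending(self) -> None:
        """Locked -> appending (read-only permission removed) or expired -> appending."""
        if self.state not in (State.LOCKED, State.EXPIRED):
            raise WormError(f"cannot enter appending from {self.state.value}")
        if self.size != 0:
            raise WormError("only 0-byte files can enter the appending state")
        self.state = State.APPENDING

    def tick(self, fs_clock: int) -> None:
        """Locked -> expired once the compliance clock reaches the overdue time."""
        if self.state == State.LOCKED and fs_clock >= self.overdue_time:
            self.state = State.EXPIRED

    def append(self, nbytes: int) -> None:
        if not self.allows("append"):
            raise WormError(f"append not permitted in {self.state.value}")
        self.size += nbytes


def lifecycle_trace() -> list:
    """Walk a 0-byte file through the documented transitions; record each state."""
    f = WormFile(size=0)
    trace = [f.state.value]
    f.lock(fs_clock=100, retention=50)       # initial -> locked, overdue at 150
    trace.append(f.state.value)
    f.tick(150)                               # locked -> expired
    trace.append(f.state.value)
    try:
        f.extend(140)                         # shortening is refused
    except WormError:
        trace.append("shorten-refused")
    f.extend(200)                             # expired -> locked
    trace.append(f.state.value)
    f.set_appending()                         # locked -> appending (0 bytes)
    trace.append(f.state.value)
    f.append(16)
    f.lock(fs_clock=200, retention=50)       # appending -> locked
    trace.append(f.state.value)
    try:
        f.set_appending()                     # refused: file is no longer 0 bytes
    except WormError:
        trace.append("appending-refused")
    return trace


if __name__ == "__main__":
    print(lifecycle_trace())
```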
Users can save files to a WORM file system and set the WORM properties of the files to the locked state based on service requirements. Figure 1-2 shows the read and write permissions of files in the different states in a WORM file system.