Write Once Read Many (WORM) Volumes

Storage for Compliance–Ready Archiving

Regulatory agencies require that data be retained, quickly retrievable and provably unmodified. Strict U.S. government rules such as SEC 17a–4, NASD 3110 (now FINRA), DOD 5015, Sarbanes–Oxley, and HIPAA place heavy financial penalties on companies that fail to comply. Similar regulatory requirements exist worldwide. Write Once Read Many (WORM) technology is the standard for addressing these requirements.

A standard Permabit Enterprise Archive™ feature is the capability to create WORM volumes alongside Read/Write volumes without the need for any separate software or hardware.

Unlike other storage systems that must be installed exclusively in WORM or non–WORM mode, or legacy optical/DVD approaches, the Permabit solution allows the flexibility to use a single storage platform to store compliance based information alongside read/write data archived for primary storage savings. And, by having this information stored on disk rather than removable media, data is instantly accessible in the event of a litigation request.

Within the storage grid architecture, a volume can be defined as WORM or Read/Write. With the “Convert to WORM” feature, any Read/Write volume can be converted at any future time. Content certificates identifying both when files were created as well as when (if ever) they were last modified are created as part of the conversion process. This allows for the archive to be immediately implemented without having to make the initial decision up front on the type of volume the data is stored in or what the retention policies are.

There are 2 levels of WORM volumes that can be
created within the Permabit archive:

• Compliance WORM — To meet the most stringent of regulatory requirements such as SEC 17a–4. Data cannot be altered or deleted until the expiration period has been reached.

• Enterprise WORM — Administrators can delete at the volume level, but not at the file–level.

Applications can directly designate retention requirements for files in a WORM volume using a protocol defined on top of the ordinary volume operations (based on the NetApp SnapLock™ scheme). Retention policies can also be set within the Permabit administrative console.

Permabit Features:

• Built–in: WORM is a standard feature in the Enterprise Archive. There are no additional licenses, software, or hardware to purchase.

• Flexibility: The decision to create a WORM volume does not have to be made up front. Any Read/Write volume can be easily converted to WORM using the “Convert to WORM” feature, at anytime.

• Compliance WORM: For regulatory compliance. Volumes created using Compliance WORM cannot be deleted or altered until the retention period has expired. This is a requirement for regulations such as SEC 17a–4.

• Enterprise WORM: For corporate governance. Volumes created using Enterprise WORM allow administrators to delete an entire volume, just not the files under retention within the volume.

• Content Certificates: Designed to provide legal validation that files have not been modified since they were originally created on the system, even in cases where they were deposited in a volume before “Convert to WORM” was utilized.

• WORM Snapshots: Volume snapshots can be saved on a scheduled or ad hoc basis for compliance purposes, in effect creating a series of point–in–time, read–only volume images (and snapshot retention can be enforced even on Read/Write volumes too!).

• Transparent Access: Access to WORM storage files is provided through standard CIFS or NFS file sharing protocols.

• Retention Policies: Retention policies can be managed by third party archiving applications or can be assigned automatically by the Permabit system via Permabit–set WORM retention policies.

Figure 1. Permabit interface allows easy, flexible access to set WORM policies.  >> Click for larger image