When you create a policy with a
Retention Lock Compliance replication context or modify an existing policy to add a
Retention Lock Compliance replication context, the
Cyber Recovery software detects the context. If your deployment is running DDOS 7.8, the
Cyber Recovery software modifies a setting on the
DD system in the
Cyber Recovery vault. This one-time modification enables the
Cyber Recovery software to support
Retention Lock Compliance contexts.
When you create a policy that uses a
Retention Lock Compliance replication context, the
Cyber Recovery UI and
CRCLI prompt you for the Security Officer (SO) credentials. By default, the security authorization for disabling replications is set to
enabled. This setting means that the
DD system continues to prompt for the SO credentials when the
Cyber Recovery software attempts to disable a replication at the end of any Sync action. So that the workflow is not impeded, when you create a policy that uses a
Retention Lock Compliance replication context, the
Cyber Recovery software changes the setting to
disabled. This change ensures that for subsequent workflow actions that disable replications and require SO credentials, the
Cyber Recovery software is not required to provide these SO credentials.
If a replication context configured in a
Cyber Recovery policy is migrated to a
Retention Lock Compliance replication context using the same name, the
Cyber Recovery software cannot detect this change. The replication context is migrated to a
Retention Lock Compliance replication context, but the
Cyber Recovery software does not modify the setting on the
DD system. Unlike a policy creation, the
Cyber Recovery software does not change the authorization for replication disable setting to
disabled on the DD system if it is in the
enabled state (the default setting). You must change the setting manually on the
DD system.
Run the following command on the
DD system to verify the current authorization for replication disable setting on the
DD system:
system replication security-auth repl-disable status
If the status is
enabled, run the following command on the
DD system to set the authorization for replication disable setting to
disabled:
system replication security-auth repl-disable disable
This command requires SO credentials. It provides a one-time modification on the
DD and enables future
Retention Lock Compliance migrations to work properly.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\