> For the complete documentation index, see [llms.txt](https://docs.vergeos-demo.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vergeos-demo.com/automate-protect-and-extend/backup-and-dr/immutable-snapshots.md). # Immutable Snapshots ## Overview {% hint style="danger" %} **Critical: Understand Risks Before Enabling** **Immutable snapshots CANNOT be deleted for 7 days - even in emergencies.** **This means:** * If storage fills up, you CANNOT immediately free space by deleting these snapshots * There is NO emergency override for administrators or VergeOS support * Storage emergencies require 7-day advance planning or adding physical capacity **Before enabling, ensure:** * Storage utilization is below 70% * You have capacity monitoring and alerting configured * You understand your snapshot retention will consume X GB over 7 days **VergeOS recommends:** Use immutable snapshots only for short retention (3 hours default) in production systems, or use them in dedicated backup systems with ample capacity. {% endhint %} An immutable snapshot is a powerful safeguard feature designed to prevent tampering or deletion of saved data, even by administrators or automated processes. The immutable option provides a safety net against accidental or malicious erasure, ensuring that a snapshot remains available when needed for data recovery. When a snapshot is marked as immutable, deletion is blocked for all users, including administrators and root users. This effectively locks the snapshot until it expires, or the immutable flag is removed with a mandatory waiting period. {% hint style="success" %} **Key Features** * Complete deletion protection, even from privileged accounts * Seven-day unlock delay for enhanced security * Applies to system snapshots only * Built-in ransomware protection {% endhint %} ## How Immutable Snapshots Protect Against Ransomware Ransomware actors commonly delete all available snapshots to eliminate recovery options, forcing victims to pay the ransom. Immutable snapshots provide critical protection by: * Preventing immediate deletion of secured snapshots * Giving system administrators time to detect malicious activity * Ensuring recovery options remain available during an attack * Maintaining data protection even with compromised administrator accounts ## Best Practices and Recommendations ### Storage Capacity Planning **Critical Considerations:** * Plan for storage capacity carefully, as immutable snapshots cannot be deleted immediately to reclaim space * Ensure you have an adequate storage buffer to account for the seven-day unlock delay * If approaching storage limits, remember that clearing space through snapshot deletion requires advance planning ### Access Control **Security Recommendations:** * Restrict snapshot access to only users who need it and understand the implications * Ensure users with snapshot access are trusted and properly trained * Implement proper role-based access controls ### Operational Guidelines **Best Practices:** * Avoid operating too close to storage capacity limits where undeletable snapshots could cause issues * Plan snapshot retention policies with the seven-day unlock delay in mind * Consider storage growth and capacity planning as part of your backup strategy ## VergeOS Implementation VergeOS implements immutable snapshots differently from many other solutions to provide enhanced security: * **No immediate unlock capability**: Unlike other systems, VergeOS does not allow anyone (regardless of permission level) to remove an immutable flag from a snapshot immediately * **Mandatory waiting period**: This prevents attacks using compromised administrator-level accounts to remove immutable attributes in order to immediately erase all snapshots * **Enhanced threat protection**: The design specifically addresses sophisticated attacks that target administrative privileges {% hint style="info" %} **Default Behavior** The default profile: *System Snapshots* is configured to set *Hourly for 3 hours* snapshots to *Immutable*, providing preconfigured baseline protection. {% endhint %} ## Managing Immutable Snapshots ### Enabling Immutable Protection ("Lock" a Snapshot) 1. Navigate to **System** > **System Snapshots**. 2. **Double-click** the **desired snapshot** from the listing. 3. Toggle the **Immutable** option to enabled (the button will move to the right). 4. Click **Submit** at the bottom of the page to save the change. 5. You are returned to the System Snapshots Listing. The snapshot will display a lock icon to indicate immutable protection is active. ### Automating Immutable Protection To automatically enable immutable protection: You can configure the profile used for taking system snapshots to automatically enable the immutable flag as snapshots are created. 1. Start at the snapshot profile's dashboard page: navigate to System > Snapshot Profiles > double-click the appropriate profile. 2. Click Profile Periods on the left menu 3. Double-click a period, toggle the Immutable option to enabled (the button will move to the right), and click Submit at the bottom of the page to save changes 4. The modified profile period will now display a checkmark in the Immutable column and snapshots created with this profile period will automatically be marked immutable 5. Repeat this process for each profile period where automatic immutable snapshots are desired ### Disabling Immutable Protection ("Unlock" a Snapshot) **To disable immutable protection:** 1. Navigate to **System** > **System Snapshots**. 2. Double-click the desired snapshot from the listing. 3. Toggle the **Immutable** option to disabled (the button will move to the left). 4. Click **Submit** at the bottom of the page to save changes. 5. Return to the System Snapshots listing — the snapshot will display *Unlocking* status and the scheduled unlock date. The snapshot remains protected and undeletable until the displayed date (seven days from the unlock request or the snapshot's natural expiration date, whichever comes first). ### Understanding Unlock Behavior and Expiration **Critical concept:** The snapshot's original expiration date always takes precedence over the 7-day unlock period. When you request an unlock: * **If expiration < 7 days**: Snapshot deletes at expiration (e.g., 3-day expiration = deletes in 3 days) * **If expiration > 7 days**: Snapshot deletes after 7-day unlock period * **If expiration = never**: Snapshot deletes after 7-day unlock period **Examples:** | Snapshot Expiration | Unlock Requested | Actual Deletion Time | Why | | ------------------- | ---------------- | -------------------------- | ----------------------------- | | 12 hours | Now | 12 hours from creation | Expiration happens first | | 3 days | Now | 3 days from creation | Expiration happens first | | 10 days | Now | 7 days from unlock request | Unlock period happens first | | Never | Now | 7 days from unlock request | No expiration to compete with | {% hint style="info" %} **How Expiration Affects Protection** Immutable snapshots provide protection for their entire expiration period - whether that's 3 hours or 30 days. An attacker cannot delete them immediately, even with admin access. * **Short expirations (3 hours)**: Provide rapid protection against recent attacks while minimizing storage impact * **Long expirations (7+ days)**: Provide extended protection but consume more storage The 7-day unlock period only matters if you need to manually delete a snapshot before its natural expiration. {% endhint %} ## Troubleshooting ### Storage Emergency with Immutable Snapshots **Symptom:** Storage at 90%+, cannot delete immutable snapshots **Immediate actions:** 1. Request unlock for all immutable snapshots (begins 7-day countdown) 2. Stop all snapshot creation temporarily 3. Add physical storage capacity (only immediate solution) 4. Delete any non-immutable snapshots or VMs **Prevention:** This is avoidable - maintain <70% storage utilization when using immutable snapshots. **Contact** [**VergeOS support**](/support-and-services.md) if you need emergency capacity planning assistance. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vergeos-demo.com/automate-protect-and-extend/backup-and-dr/immutable-snapshots.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.