Managing Protection Policies

  • Updated on Jan 31, 2026
  • Published on Jan 26, 2026
  • 3 minute(s) read
Prev Next

Overview of Protection Policies

A protection policy is a reusable configuration that is used by the following data protection features:

  • Async replication, where data is captured by snapshots on a schedule of points in time and replicated to other clustersOverview of VAST Replication

  • Local backup, where data is captured by snapshots on a schedule of points in time and stored locally. Snapshots and Local Backup

  • Backup to S3, where data is captured by snapshots on a schedule of points in time and replicated via S3 to an AWS bucket.  Overview of Backup to S3

A protection policy defines:

  • A schedule of points in time at which to take snapshots

  • Retention time for snapshots on the local cluster

  • A remote peer, which may be a replication peer (async replication) or an S3 replication peer (backup to S3). This is not specified if the policy is intended for local backup only.

For full configuration instructions for async replication, local backup and backup to S3, see the relevant feature section, linked above.

Creating a Protection Policy in VAST Web UI

  1. From the left navigation menu, select Data Protection and then Protection Policies.

  2. Click + Create Protection Policy.

  3. In the Add Protection Policy dialog, complete the fields:

    Field

    Description

    Policy name

    Enter a name for the protection policy.

    Peer

    If you want to use the protection policy for replication to a remote cluster or to an S3 replication peer, select the replication peer or S3 replication peer from the dropdown.

    Snapshot prefix

    Enter a prefix for the snapshot names.

    The name of each snapshot will be <prefix>_<timestamp>, where <prefix> is the prefix specified here and <timestamp> is the time the snapshot is created, in the format yyyy-mm-ddTHH:MM:SS.SSSSSSzzz (T denotes time and doesn't represent a value, zzz is the timezone, and the time is accurate to the microsecond). For example, if the prefix is dev, a snapshot taken at 8:15 pm UTC on 20th November 2024 would be named dev_2024-11-20T20:15:06.144783UTC.

  4. If you want to make the protection policy indestructible, enable the Indestructible setting. This setting protects the policy and its snapshots from accidental or malicious deletion.

    Caution

    After saving the protection policy, you won't be able to delete the policy or disable its indestructibility without performing a procedure for authorized unlocking of the cluster's indestructibility mechanism.

    Note

    If a replication peer is configured, the indestructibility setting will be replicated to the peer.

  5. Set up one or more replication schedules:

    Tip

    If you want to set up multiple schedules, click the Add Schedule button to display more scheduling fields in the dialog.

    • To set the start time, click in the Start at field. In the calendar that appears, click the start date you want and adjust the start time:

      Set_start_time.png

      Note

      When a protected path is active, it performs an initial data sync to the replication peer or S3 replication peer (if applicable) immediately after being created. The initial sync creates the first restore point. Therefore, the restore point created on the start date is in fact the second restore point.

    • To set a period, select a time unit from the Period dropdown and enter the number of time units in the Every field.

      Note

      The minimum interval is 15 seconds.

  6. Configure local snapshot retention:

    • If you want to retain local snapshots, set the Keep local copy for period. This is the amount of time for which local snapshots are retained on the local cluster.

      Select a time unit from the Period dropdown and enter the number of time units in the Keep local copy for field.

    • If you do not want to keep local snapshots, leave the Keep local copy for field blank. Snapshots will be deleted immediately after they are replicated to the destination peer.

  7. If a replication peer is selected, set the Keep remote copy for period. This is the amount of time restore points are retained on the replication peer.

    Select a time unit from the Period dropdown and enter the number of time units in the Keep remote copy for field.

    Note

    This setting applies only to replication peers and not to replication S3 peers. Restore points are not deleted from replication S3 peers.

  8. Click Create.

    The protection policy is created and listed in the Protection Policies page.

Modifying a Protection Policy in VAST Web UI

To modify a protection policy, open the Actions menu for the policy you want to update, and select Edit. Make your changes and then click Update.

Note

Changing snapshot expiration in the policy only affects future snapshots and not existing ones.

Removing a Protection Policy in VAST Web UI

To remove a protection policy, open the Actions menu for the policy and select Remove. Click Yes to confirm the removal.

Related articles
  • Managing Protection Policies
    VAST Cluster > Version 5.3 > VAST Cluster 5.3 Tenant Administrator’s Guide > Data Protection > Protected Paths and Protection Policies
  • Managing Protection Policies
    VAST Cluster > Version 5.0 > VAST Cluster 5.0 Administrator's Guide > Data Protection > Multi-Feature Data Protection Configurations
  • Managing Protection Policies
    VAST Cluster > Version 5.3 > VAST Cluster 5.3 Administrator's Guide > Data Protection > Protected Paths and Protection Policies