search
Ctrlk
🏠︎ HOME@ WEBSITE↘ FREE TRIAL✉︎ CONTACT SUPPORT

Storage overview

Overview of the Xopero Unified Protection storage architecture, including the technologies used, configuration options, and data retention mechanisms.

Xopero Unified Protection (XUP) implements a multi-layered data immutability architecture to mitigate the impact of ransomware attacks and reduce the risk of threat propagation within the storage infrastructure.

hashtag
General information

The Xopero ONE system compresses and encrypts data, storing it in non-executable formats. The solution uses immutable storage compliant with the WORM standard, preventing accidental or intentional encryption, modification, or deletion of backup data. Authentication mechanisms restrict access to the storage, ensuring that ransomware cannot access stored data, even if the source machine is compromised.

The AirGap data protection method, based on xSAIR (Secure AirGap Immutable Repository) technology, provides an additional layer of security by isolating data within a demilitarized zone (DMZ) and enabling replication to the isolated environment (an additional XUP appliance). As part of Xopero Unified Protection, the AirGap solution helps ensure resilient, threat-resistant data storage systems.

hashtag
Data retention and protection mechanisms

To ensure the highest level of security, XUP data storage uses advanced protection rules to prevent unauthorized or accidental data deletion. It is based on two key mechanisms: versioning and compliance.

hashtag
Versioning

The versioning feature is configured with a 7-day retention period — each modification or overwrite attempt creates a new data iteration, while previous versions are retained for one week. This allows users to restore data from any backup point within that period.

hashtag
Compliance

An additional layer of protection is based on the compliance mechanism, configured with a 24-hour retention window. In this mode:

  • Data can be deleted only after the minimum retention period of 7 days has elapsed.

  • After this period, an additional 24-hour buffer is activated, preventing final data deletion.

  • During the compliance lock period, no user (including the root administrator) can delete protected data earlier.

The combination of these mechanisms creates an effective security barrier that significantly extends the time required to execute a destructive attack on the data.

Last updated

Was this helpful?