A customer would like to reduce SafeMode settings for retention and eradication with their current policy. How is authorization obtained to make the requested changes?
To reduce SafeMode protections (such as shortening the retention period or disabling the eradication timer), two authorized SafeMode approvers must authenticate and approve the request via Pure1 step-up authentication.
SafeMode is a ransomware protection feature designed to prevent the accidental or malicious deletion of snapshots. Because reducing these protections weakens the array's security posture, Pure Storage enforces a strict 'Ratchet' authorization process.
The Process: Unlike standard support requests, a single admin or local user cannot authorize this change (making Option C incorrect). The customer must have previously designated specific individuals as 'SafeMode Approvers' in their Pure1 portal.
Authorization: When a request to weaken the policy is made, Pure Support triggers a verification workflow. Two of these designated approvers must log into Pure1 and perform a secondary authentication (often involving a PIN or TOTP) to explicitly 'sign off' on the reduction. This 'two-person rule' ensures that a compromised credential or a rogue insider cannot unilaterally expose the organization's backup data to destruction.
Currently there are no comments in this discussion, be the first to comment!