SnapLock Compliance is designed to meet stringent data retention and immutability regulations, such as SEC Rule 17a-4. A fundamental requirement of these regulations is the ability to track all administrative actions performed on the system. Therefore, SnapLock Compliance fully supports and relies on secure, tamper-proof audit logging. A privileged-delete log tracks the deletion of expired files, and the system's standard audit logs record all other relevant administrative commands, ensuring a complete and verifiable history of operations.

A. Aggregate Rename: Renaming an aggregate that contains a SnapLock Compliance volume is explicitly prohibited to maintain the integrity and auditable chain of custody for the WORM data.

C. System Reinitialization: A storage system with a SnapLock Compliance volume cannot be reinitialized. This restriction is a core security feature that prevents the premature or malicious destruction of retained data.

D. MetroCluster Configuration: SnapLock Compliance volumes are not supported in a MetroCluster configuration. The strict WORM policies of SnapLock Compliance are incompatible with the synchronous replication and failover mechanisms of MetroCluster.

1. NetApp ONTAP 9 Documentation, "Data protection and security overview," Section: "SnapLock restrictions."

This section explicitly states, "SnapLock Compliance volumes are not supported in a MetroCluster configuration." It also details other restrictions, such as the inability to destroy or reinitialize a system containing a SnapLock Compliance volume.

2. NetApp Technical Report 4526 (TR-4526), "SnapLock Technology," Section: "SnapLock Compliance Restrictions."

This document confirms the restrictions: "You cannot rename an aggregate that contains a SnapLock Compliance volume" and "You cannot reinitialize a storage system that has a SnapLock Compliance volume."

3. NetApp ONTAP 9 Documentation, "Data protection and security overview," Section: "How SnapLock works."

This section describes the logging mechanism: "SnapLock creates audit log files in a directory in the root of the SnapLock volume... The audit log files are non-alterable and non-deletable, and are retained for the same duration as the retention period of the volume." This confirms audit logging is a supported and integral feature.