To use tamper-proof Snapshot copies, which are a feature of NetApp's SnapLock Compliance, two primary components are required. First, the Compliance Clock must be initialized on each node in the cluster. This is a special, secure, one-time-settable clock that governs the retention periods for WORM (Write Once, Read Many) data and cannot be moved backward, ensuring the integrity of the retention period. Second, the appropriate feature license is necessary. In modern ONTAP versions, SnapLock functionality is included in the NetApp ONTAP One license bundle, which must be enabled on the cluster to access this and other premium data protection features.

B. three NTP servers: While using NTP to ensure accurate system time is a prerequisite for initializing the Compliance Clock, the clock itself is the specific feature that must be enabled. There is no strict requirement for exactly three NTP servers.

C. SnapRestore license: SnapRestore is a separate feature used for rapid data recovery from any Snapshot copy. It is not a prerequisite for creating or managing tamper-proof SnapLock WORM volumes.

1. NetApp ONTAP 9.12.1 Documentation, "SnapLock fundamentals": In the section "ComplianceClock", it states, "Before you can create a SnapLock Compliance aggregate, you must initialize the ComplianceClock on each node in the cluster. The ComplianceClock is a secure, tamper-proof clock that is used to time-stamp the retention period of WORM files." This confirms the requirement for the Compliance Clock.

2. NetApp ONTAP One Datasheet (DS-4070-0222): Under the "Data Protection" feature set included in ONTAP One, "SnapLock®" is explicitly listed. This document confirms that the ONTAP One license enables the SnapLock feature required for tamper-proof snapshots.

3. NetApp Technical Report 4526 (TR-4526), "SnapLock Technology in ONTAP": Section 3.1, "Compliance Clock," explains, "A SnapLock Compliance aggregate is governed by a system-wide compliance clock that can only be initialized once and can never be moved backward... The compliance clock is initialized from the current system time of a node." This distinguishes the Compliance Clock as the essential mechanism, separate from the NTP service that sets the initial system time.