Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup and NetBackup Appliances Hardening Guide
  3. Steps to protect Flex Appliance
  4. About lockdown mode
  5. Managing lockdown mode at the instance level
NetBackup and NetBackup Appliances Hardening Guide

Managing lockdown mode at the instance level

You can use the Flex Appliance Console to change the lockdown mode on a Flex appliance at the instance level.

Flex Appliance includes the following lockdown modes at the instance level:

  • Enterprise mode

    This mode adds additional access restrictions but retains a level of flexibility. In this mode:

    • You can create WORM storage instances.

    • If needed, the application administrator can disable the retention lock on backup images so that they can be expired before the specified retention date.

    • If the instance is on WORM storage server version 19.0.1 or later, security administrators can delete the instances only if no data is present. The application administrator must approve the deletion beforehand.

    • If the instance is on WORM storage server version 19.0 or earlier, security administrators can delete the instance if data is present. The application administrator does not need to approve the deletion beforehand.

  • Compliance mode

    This mode adds the highest level of access restrictions. In this mode:

    • You can create WORM storage instances.

    • The retention lock on backup images cannot be disabled before the specified retention date.

    • You can delete the instances only if no data is present. If the instance is on WORM storage server version 19.0 or later, the application administrator must approve the deletion beforehand.

Note the following restrictions:

  • Only a security administrator can change the lockdown mode.

  • You can only change from enterprise mode to compliance mode. Before you change the mode, you must first delete all WORM storage instances.

To change the lockdown mode

  1. From the System topology page of the Flex Appliance Console, navigate to the Application instances section.
  2. Locate the row of the application instance for which you want to change the lockdown mode. Click Action > Change to compliance mode.
  3. In the Change to compliance mode popup window, enter the instance name and enter the Flex Appliance Console password. Click Change mode.

    The instance mode gets updated and the details are displayed in the Application instances section.

Feedback

Was this page helpful?
Previous

Managing lockdown mode at the appliance level

Next

Managing multiperson authorization

Feedback

Was this page helpful?