When you create a protection group, you configure how long to retain snapshots on the cloud file system.
With protection groups, you can retain snapshots for a short time (one hour) or a long time (several years), depending upon your data retention policy.
As a best practice for ransomware recovery, configure snapshot schedules with a retention of at least 90 days. A 90 day retention schedule might result in higher storage capacity consumption.
All snapshots that are past the time of expiration get deleted, except the last snapshot. This final snapshot is retained to make sure recovery is still possible. If the schedule is activated again, an incremental sync of the VMs begins.
Snapshot Retention for Running Ransomware Recovery Plan
When you start a ransomware recovery plan, VMware Live Cyber Recovery pauses all snapshot expiration for snapshots taken prior to starting the plan. Existing snapshots are deleted upon expiration, regardless of protection group retention policy, until the plan is ended. Any subsequent snapshots taken since the starting of the plan will expire and be deleted according to the configured retention policy.
When the plan is ended, snapshots expiration will resume according to the defined protection group retention policy.