#Backup of Ontap S3 data

First, sorry for my long intro, you can skip it and go to the end for my question.
As we all know, Netapp is known for snapshots and replication.
Netapp can take snapshots of file shares like smb/nfs. We can take snapshots of lun's regards less of access protocol.
We can even replicate to a secondary Netapp storage system either as backup (snapvault) or mirror.
Netapp has made backup software so we can integrate these kind of snapshots with our business applications such as "SQL" servers, Vmware, file systems and NAS, that hosts our business data.
So I was excited when Netapp launched S3 for Ontap in technical preview in Ontap 9.7.
Now we could use our Netapp storage system for modern application, fantastic.
Well, as they said, it can only do "CRUD" operations (in the beginning) and only v4 authentication.
But that's fine, that will cover most business applications needs.
In the beginning S3 volumes only supported "policy" snapshots (no ad hoc snapshots).
Okay, I can live with that, as we are just in the beginning the S3 protocol journey.
Some time went by and nothing really happened, but then finally they implemented snapmirror.
Great, but what!, no snapvault!, and policy snapshots of S3 is gone!
WT*!
I cant do backup of my S3 business data!
Well I can mirror it, but that's not backup, and no more snapshots of my S3 data locally!
Again WT*!
You certainly need to do backup of S3 data, even Amazon has backup service for S3 data (with snapshots, https://docs.aws.amazon.com/aws-backup/latest/devguide/s3-backups.html), and so does Commvault.
Can you imagine a Netapp smb/nfs/lun with no local snapshots support or snapvault?
Has the On-tap S3 team been hanging too long by the tap, thereby forgetting how to do proper Ontap S3 Netapp'ish implementation (as the rest of the protocols), LOL (not to be misunderstood)
So guys, how do you backup your Ontap S3 data?

Short answer: You should probably use StorageGRID if you require particular consistency guarantees on your objects (but note that some applications will fail if you use something like "strong-global" consistency)

Long answer: In most cases S3 snapshots will not help you anyway since they're not self-contained, i.e. you always have some sort of database somewhere outside S3 (you mentioned CommVault, that brings its own database for example). If you try and restore the S3 your whole backup store will be corrupted because objects that CommVault thinks should exist don't exist anymore, and vice-versa.

Oh, and maybe you should relax a bit and not randomly insult people, but what do I know 🤷

I don't understand... what's the issue with using S3 SnapMirror to protect your S3 buckets? https://docs.netapp.com/us-en/ontap/s3-snapmirror/index.html
It mentions "backup" several times...

The rpo-parameter configures how long ONTAP will wait until an object written to the source S3 bucket will also get written to the S3 SnapMirror destination bucket:
snapmirror policy create -vserver [SVM] -type continuous -rpo 600

Yes, with System Manager and CLI you can only restore the full bucket (to another empty bucket on the source for example), so no single-file/object restore: https://docs.netapp.com/us-en/ontap/s3-snapmirror/restore-cloud-target-task.html
But you could still simply browse the bucket at your destination and use any S3 browser to restore the objects you need.

Also:
Beginning with ONTAP 9.11.1, ONTAP S3 supports bucket versioning. Enabling versioning allows for the creation of multiple versions of an object. Much like Snapshot copies, these objects can be retrieved and restored, enabling client applications to restore deleted objects or retrieve earlier versions of an object. (Check https://www.netapp.com/media/17219-tr4814.pdf, page 16)

And you can even put an Object Lock retention time on a specific version of an object. Which sort of translates to Tamperproof snapshots in regular ONTAP world.

So everything is possible there is only no automated solution. If you make sure to use versioning and S3 SnapMirror I don't see any issues with using production S3 workloads on ONTAP S3. 🤷‍♂️