Configuring an IBM COS (formerly Cleversafe) target for archive or backup

Export to IBM COS is not enabled by default. After you enable IBM COS, you can configure it for archives and backup. Learn how to enable the service, and understand the configuration parameters used in the archive and backup pages.

Before you begin

Note: Cleversafe is now IBM Cloud Object Storage (COS) on IBM Cloud.
Restriction: External storage on IBM COS is not supported for IPV6.
Prepare these details before you begin:
  • Authentication endpoint URL
  • IBM COS credentials:
    • Access Key ID: identifies user as the party responsible for service requests. It needs to be included it in each request. It is not confidential and does not need to be encrypted. (20-character, alphanumeric sequence).
    • Secret Access Key: The Secret Access Key (40-character sequence) is associated with Access Key ID calculating a digital signature that is included in the request. It is a secret, for use only by IBM COS and the user. This key is just a long string of characters (and not a file) that is used to calculate the digital signature that needs to be included in the request. Secret Access Key is encrypted when saved into the database.
  • Bucket Name: Buckets partition the namespace of objects in the storage. Within a bucket, you can use any names for your objects.
  • The clock time of Guardium® system must be set to the correct local time. Otherwise, requests are not accepted. If the Guardium system time is not correct, set the correct time by using the following CLI commands:
    show system ntp server
    store system ntp server (An example is ntp server: ntp.swg.usma.ibm.com)
    store system ntp state on

Procedure

  1. Enable IBM COS archive or backup from the Guardium CLI by entering the relevant command:
    store storage-system IBMCOS archive on
    store storage-system IBMCOS backup on
  2. In Manage > Data Management > System Backup or Data Archive pages, select IBM COS (Formerly Cleversafe).
  3. Enter the Authentication endpoint URL.
  4. Enter the Access Key ID.
  5. Enter the Secret Access Key.
  6. Select the Bucket Name.
  7. Optional: Schedule the backup in the lower part of the page. For more details, see Scheduling.
  8. Click Save.
  9. If you are archiving or backing up by using the HTTPS protocol, you must store the rootca and intermediate certificate, if applicable, into the Tomcat keystore by running the CLI command store certificate keystore trusted console. For more information, see store certificate keystore.