You can add new location from the Backup & restore page of the
IBM Storage Fusion
or IBM Storage Fusion HCI System user
interface.
Before you begin
If you plan to use a certificate for a S3 compliant backup storage location, then create a secret
with the certificate as a prerequisite. For the procedure to create a secret, see Creating a secret.
About this task
Create the backup storage location in the specified sequence.
Note: IBM does not support the creation of two backup storage locations that have both identical
endpoint and bucket names.
Procedure
-
Log in to IBM Storage Fusion user
interface.
- From the menu, click Backup & restore >
Locations.
- In the Locations page, click Add location.
The Add backup location wizard page is displayed.
-
In the Add backup location, enter the Location
name.
- Select the type of object storage backup location. The different location types are
IBM Cloud (IBM Object Storage), Azure (Microsoft Object
Storage), AWS (Amazon Object Storage), Spectrum
Protect, MCG or Noobaa, and S3Compliant (Any Object
Storage).
- Click Next.
- In the Location type section, enter the following credentials to
connect IBM Storage Fusion to your backup location:
Endpoint, Bucket, Access key,
Secret key. If the location is Azure (Microsoft Object Storage), then enter
the Account name and Account key instead of
Access key and Secret key. If the location is Amazon
AWS, then you must also enter the Region.
Example for AWS endpoint:
https://s3.us-west-1.amazonaws.com
- In the Certificate settings section, enter the Secret
name for the certificate.
Note:
- This setting is applicable only when you create an S3 compliant backup storage location
type.
- The endpoint URL must be an HTTPS protocol with a trusted connection. If the endpoint URL
contains the HTTPS protocol, then you need to enter the name of the secret that contains the SSL
certificate.
- If you did not create a secret before you create the backup storage location, then you cannot
complete further steps. Ensure that you cancel the operation and go back to the create secret step.
For the procedure to create a secret, see Creating a secret.
- If you plan to use a S3 location, check whether your permissions are valid with the cloud
provider for that particular endpoint and bucket or equivalent.
For certificates, run the
following
openssl
command to check whether a Subject Alternative Name (SAN) exists:
openssl x509 -in <filepath> -text
The output displays a SAN field. This SAN
field must match the endpoint host of the S3 bucket.
- Do not use "wildcard + self-signed certificate" as it is a major security risk. If installed
system-wide, then on exposure, all encrypted communication can be decrypted.
- Click Add.
A success message gets displayed
after adding the location.