Adding a backup storage location

You can add new location from the Backup & restore page of the IBM Storage Fusion or IBM Storage Fusion HCI System user interface.

Before you begin

If you plan to use a certificate for a S3 compliant backup storage location, then create a secret with the certificate as a prerequisite. For the procedure to create a secret, see Creating a secret.

About this task

Create the backup storage location in the specified sequence.

Note: IBM does not support the creation of two backup storage locations that have both identical endpoint and bucket names.

Procedure

  1. Log in to IBM Storage Fusion user interface.
  2. From the menu, click Backup & restore > Locations.
  3. In the Locations page, click Add location.
    The Add backup location wizard page is displayed.
  4. In the Add backup location, enter the Location name.
  5. Select the type of object storage backup location. The different location types are IBM Cloud (IBM Object Storage), Azure (Microsoft Object Storage), AWS (Amazon Object Storage), Spectrum Protect, MCG or Noobaa, and S3Compliant (Any Object Storage).
    For the procedure to add MCG or Noobaa location, see Using MCG or Noobaa as a backup storage location. For the procedure to add Spectrum Protect location, see Using IBM Storage Protect as a backup storage location.
    Note: S3 buckets must not enable expiration policies. For more information about this known issue, see S3 buckets must not enable expiration policies. Also, the bucket must not have an archive rule set.
  6. Click Next.
  7. In the Location type section, enter the following credentials to connect IBM Storage Fusion to your backup location: Endpoint, Bucket, Access key, Secret key. If the location is Azure (Microsoft Object Storage), then enter the Account name and Account key instead of Access key and Secret key. If the location is Amazon AWS, then you must also enter the Region.
    Example for AWS endpoint:
    https://s3.us-west-1.amazonaws.com
  8. In the Certificate settings section, enter the Secret name for the certificate.
    Note:
    • This setting is applicable only when you create an S3 compliant backup storage location type.
    • The endpoint URL must be an HTTPS protocol with a trusted connection. If the endpoint URL contains the HTTPS protocol, then you need to enter the name of the secret that contains the SSL certificate.
    • If you did not create a secret before you create the backup storage location, then you cannot complete further steps. Ensure that you cancel the operation and go back to the create secret step. For the procedure to create a secret, see Creating a secret.
    • If you plan to use a S3 location, check whether your permissions are valid with the cloud provider for that particular endpoint and bucket or equivalent.
      For certificates, run the following openssl command to check whether a Subject Alternative Name (SAN) exists:
      openssl x509 -in <filepath> -text
      The output displays a SAN field. This SAN field must match the endpoint host of the S3 bucket.
    • Do not use "wildcard + self-signed certificate" as it is a major security risk. If installed system-wide, then on exposure, all encrypted communication can be decrypted.
  9. Click Add.
    A success message gets displayed after adding the location.