Configure a Custom Storage Location and Database

When Bring your own storage is selected in the subscription of IBM® Storage Protect for Cloud Salesforce, administrators can configure a custom storage location to store the files and configure a database to store the records and relational data of the backup data.

If you have purchased a subscription for BYOS (Bring your own storage) but are currently using IBM default storage for your backup data, your backup jobs will fail, and we will send you an email notification every 7 days to remind you to update your BYOS storage configuration.

1. Navigate to Settings > Storage.
2. Click Storage. All organizations that you manage are displayed in the panel. You can click the down arrow () button next to an organization to view the storage location details.

   After the administrator’s login, the Startup wizardpage will appear if the storage location and database have not been configured. You can turn on the toggle of an organization to configure the storage information.

   For distributor customers, after the administrator’s login, , the Startup wizardpage will appear if they have not been configured. You can turn on the toggle of an organization to use IBM Storage Protect for Cloud default storage or select Bring your own storage to configure a custom storage location and database.

3. Click the edit () button next to the organization you want to manage.
4. Select the storage type you want to use and configure the settings. The Microsoft Azure Storage, SFTP, Amazon S3, Amazon S3-Compatible Storage, IBM Storage Protect - S3, and IBM Cloud Object Storage types are supported.
   With Microsoft Azure Storage selected, configure the following settings to configure the storage location and database:

   • Access Point – Enter the URL for the Storage Service.
   • Account Name – Enter the corresponding account name to access the specified storage.
   • Account Key – Enter the corresponding account key to access the specified storage.
   • Extended parameters – Enter the following extended parameters if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Refer to the instructions below to add parameters.
     • RetryInterval – Customize the retry interval when the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will try to reconnect every 30000 milliseconds.

       If you do not configure this parameter, the value is 30000 milliseconds by default.

     • RetryCount – Customize the reconnection times after the network connection is interrupted. Enter any positive integer between 0 and 2147483646. For example, RetryCount=6 represents when the network connection is interrupted, it can reconnect at most 6 times.

       If you do not configure this parameter, the value is 6 by default.

     • CustomizedMetadata={} – User-added metadata is supported. Configure the metadata in the parameter. For example: CustomizedMetadata={[testKey1,testValue1],[testKey2,testValue2],[testKey3,testValue3]}.
     • CustomizedMode=Close – User-added metadata is not supported.
   With SFTP selected, configure the following settings to configure the storage location:

   • Host – Enter the IP address of the SFTP server.
   • Port – Enter the port to use to connect to this SFTP server.
   • Root Folder – Enter the root folder where you wish to access.
   • Username– Enter the username used to access the root folder.
   • Password – Enter the corresponding password of the user used to access the root folder.
   • Private Key – If the SFTP server supports the private key, enter the private key here.
   • Private Key Password – Enter the corresponding password of the private key.
   With Amazon S3 selected, configure the following settings to configure the storage location:

   • Bucket Name – Enter the bucket name you wish to access.

     Note the following:

     • If the entered name doesn’t match an existing bucket, a new bucket will be automatically created.
     • Ensure the bucket policy in Amazon S3 storage applied to your account contains the following required permissions:
       • Read: Get Object
       • List: ListBucket
       • Write: DeleteObject; PutObject; DeleteObjectVersion
   • Access Key ID – Enter the corresponding access key ID to access the specified bucket. You can view the Access key ID from your AWS account.
     Note: The AWS account must have the AmazonS3FullAccess policy assigned.
   • Secret Access Key – Enter the corresponding secret key ID to access the specified bucket. You can view the Secret Access Key from your AWS account.
   • Storage Region – Select the Storage Region of this bucket from the drop-down menu. The available regions are

     US East (N. Virginia)	US East (Ohio)	US West (Northern California)
     US West (Oregon)	Canada (Central)	EU (Ireland)
     EU (Frankfurt)	EU (London)	Asia Pacific (Singapore)
     Asia Pacific (Tokyo)	Asia Pacific (Sydney)	Asia Pacific (Seoul)
     Asia Pacific (Mumbai)	South America (Sao Paulo).

   • Extended parameters – Enter the following extended parameters if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Refer to the instructions below to add parameter
     • RetryInterval – Customize the retry interval when the network connection is interrupted. Enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will try to reconnect every 30000 milliseconds.

       If you do not configure this parameter, the value is 30000 milliseconds by default.

     • RetryCount – Customize the reconnection times after the network connection is interrupted. Enter any positive integer between 0 and 2147483646. For example, RetryCount=6 represents when the network connection is interrupted, it can reconnect at most 6 times.

       If you do not configure this parameter, the value is 6 by default.

     • CustomizedMetadata – Configure if customized metadata or user-added metadata is supported. By default, customized metadata and user-added metadata are all supported.
     • CustomizedMode=Close – This physical device will not support customized metadata or user-added metadata.
     • CustomizedMode=SupportAll – This physical device will support all customized metadata and user-added metadata.
     • CustomizedMode=CustomizedOnly – This physical device will only support user-added metadata.
     • CustomizedRegion – Configure the customized region of the physical device. For example, enter CustomizedRegion=s3-us-gov-west-1.amazonaws.com to configure the GovCloud account.
   With Amazon S3-Compatible Storage selected, configure the following settings to configure the storage location:

   • Bucket name – Enter the bucket name you wish to access.

     Note the following:

     • If the entered name doesn’t match an existing bucket, a new bucket will be automatically created.
     • Ensure the bucket policy in Amazon S3 storage applied to your account contains the following required permissions:
       • Read: Get Object
       • List: ListBucket
       • Write: DeleteObject; PutObject; DeleteObjectVersion
   • Access Key ID – Enter the corresponding access key ID to access the specified bucket.
   • Secret Access Key – Enter the corresponding secret key ID to access the specified bucket.
   • Endpoint – Enter the URL used to connect to the place where you want to store the data.
     Note: The URL must begin with http:// or https://.
   • Extended parameters – Enter the following extended parameters if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Refer to the instructions below to add parameters.
     • SignatureVersion – By default, IBM Storage Protect for Cloud Salesforce uses V4 authentication to access your storage. If you want to use V2 authentication, add SignatureVersion=2 into the extended parameters.
     • RetryInterval – Customize the retry interval when the network connection is interrupted. Enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will try to reconnect every 30000 milliseconds.

       If you do not configure this parameter, the value is 30000 milliseconds by default.

     • RetryCount – Customize the reconnection times after the network connection is interrupted. Enter any positive integer between 0 and 2147483646. For example, RetryCount=6 represents when the network connection is interrupted, it can reconnect at most 6 times.

       If you do not configure this parameter, the value is 6 by default.

     • CustomizedMetadata – Configure if customized metadata or user-added metadata is supported. By default, customized metadata and user-added metadata are all supported.
     • CustomizedMode=Close – This physical device will not support customized metadata or user-added metadata.
     • CustomizedMode=SupportAll – This physical device will support all customized metadata and user-added metadata.
     • CustomizedMode=CustomizedOnly – This physical device will only support user-added metadata.
   With IBM Storage Protect- S3 selected, configure the following settings to configure the storage location and database:

   • Bucket name – Enter the bucket name you wish to access.

     Note the following:

     • The IBM Storage Protect Object client (S3) must be installed and configured before setting up IBM Storage Protect for Cloud. Refer to, Sending data from other object clients to IBM Storage Protect.
     • The entered name must match an existing bucket. For details on creating a bucket, see How to create an S3 bucket in IBM Storage Protect.
     • Ensure the bucket policy in Amazon S3 storage applied to your account contains the following required permissions:
       • Read: Get Object
       • List: ListBucket
       • Write: DeleteObject; PutObject; DeleteObjectVersion
   • Access key ID – Enter the corresponding access key ID to access the specified bucket.
   • Secret Access Key – Enter the corresponding secret key ID to access the specified bucket.
   • Endpoint – Enter the URL used to connect to the place where you want to store the data.
     Note: The URL must begin with “http://” or “https://”.
   • Extended parameters – Enter the following extended parameters if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Refer to the instructions below to add parameters.
     • Allow_Insecure_SSL – By default, the storage client expects an SSL certificate issued by a public trusted certificate authority over HTTPS transport to ensure integrity. A self-signed certificate on the storage server side will fail the certificate validation. If you choose to use a self-signed certificate, you can set the Allow_Insecure_SSL to true in the Extended parameters to bypass the certificate validation
     • SignatureVersion – By default, IBM Storage Protect for Cloud Salesforce uses V4 authentication to access your storage. If you want to use V2 authentication, add SignatureVersion=2 into the extended parameters.
     • RetryInterval – Customize the retry interval when the network connection is interrupted. Enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will try to reconnect every 30000 milliseconds.

       If you do not configure this parameter, the value is 30000 milliseconds by default.

     • RetryCount – Customize the reconnection times after the network connection is interrupted. Enter any positive integer between 0 and 2147483646. For example, RetryCount=6 represents when the network connection is interrupted, it can reconnect at most 6 times.

       If you do not configure this parameter, the value is 6 by default.

     • CustomizedMetadata – Configure if customized metadata or user-added metadata is supported. By default, customized metadata and user-added metadata are all supported.
     • CustomizedMode=Close – This physical device will not support customized metadata or user-added metadata.
     • CustomizedMode=SupportAll – This physical device will support all customized metadata and user-added metadata.
     • CustomizedMode=CustomizedOnly – This physical device will only support user-added metadata.
     • Cert_thumbprint - If you have a self-signed certificate for S3 server and only want to pass the certificate validation with a specific thumbprint, enter your thumbprint as the value of the parameter.
   With IBM Cloud Object Storage selected, configure the following settings to configure the storage location and database:

   • Bucket name – Enter the bucket name that you wish to access.

     Note the following:

     • If the entered name doesn’t match an existing bucket, a new bucket will be automatically created.
     • Ensure the bucket policy in Amazon S3 storage applied to your account contains the following required permissions:
       • Read: Get Object
       • List: ListBucket
       • Write: DeleteObject; PutObject; DeleteObjectVersion
   • Access key ID – Enter the corresponding access key ID to access the specified bucket.
   • Secret access key – Enter the corresponding secret key ID to access the specified bucket.
   • Endpoint – Enter the URL used to connect to the place where you want to store the data.
     Note: The URL must begin with “http://” or “https://”.
   • Extended parameters – Enter the following extended parameters if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Refer to the instructions below to add parameters.
     • SignatureVersion – By default, IBM Storage Protect for Cloud Salesforce uses V4 authentication to access your storage. If you want to use V2 authentication, add SignatureVersion=2 into the extended parameters.
     • RetryInterval – Customize the retry interval when the network connection is interrupted. Enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will try to reconnect every 30000 milliseconds.

       If you do not configure this parameter, the value is 30000 milliseconds by default.

     • RetryCount – Customize the reconnection times after the network connection is interrupted. Enter any positive integer between 0 and 2147483646. For example, RetryCount=6 represents when the network connection is interrupted, it can reconnect at most 6 times.

       If you do not configure this parameter, the value is 6 by default.

     • CustomizedMetadata – Configure if customized metadata or user-added metadata is supported. By default, customized metadata and user-added metadata are all supported.
     • CustomizedMode=Close – This physical device will not support customized metadata or user-added metadata.
     • CustomizedMode=SupportAll – This physical device will support all customized metadata and user-added metadata.
     • CustomizedMode=CustomizedOnly – This physical device will only support user-added metadata.
5. Configure the following settings to configure the database:
   Note: The Enterprise edition of SQL Server 2014 or later is supported for the database. You can use either an online SQL server or an on-premises SQL server with the Enterprise edition. Ensure that IBM Storage Protect for Cloud Salesforce can connect to the SQL server. We recommend that you add the reserved IP address of IBM Storage Protect for Cloud Salesforce to the allowed list of your SQL server firewall. To download the reserved IP address, go to IBM Storage Protect for Cloud > Advanced Settings > Reserved IP Addresses > Download a List of Reserved IP Addresses.

   • Instance Name – Enter the instance name of the SQL server where the database resides.
   • Database Name – Enter the name of an existing database you want to use.
   • Authentication method– Select an authentication method from SQL authentication and Microsoft Entra authentication.
   • Username – Enter the username of the account that has the db_owner role of the above database.
   • Password – Enter the password of the above account.
   • Encrypt connection – Turn on/off the toggle to define if you want to encrypt the server certificate. The feature is enabled by default.
   • Trust server certificate – Turn on/off the toggle to define if you want to trust the server certificate.
   • Certificate file (.cer) - If your SQL server is protected by a custom SSL certificate, upload the certificate file to connect to your server.
     Note: If you use the Amazon RDS for SQL Server and use the built-in certificate, the certificate file is not required here.
6. Click Save to save the configurations, or click Cancel to close the panel without saving any configurations.

   If you are on the Startup wizard page, click Back up now to start the backup jobs for the configured organizations.