Creating an SLA policy for containers

You can create custom service level agreement (SLA) policies for persistent volumes that are attached to a Kubernetes or Red Hat® OpenShift® cluster. You can define the frequency of snapshot and backup operations and specify policies for retention, replication, and copy jobs.

Before you begin

During a container backup operation, a snapshot is always created. When a scheduled backup job runs, a snapshot of a persistent volume claim (PVC) is created on your storage system at the frequency that is defined by the snapshot policy. You can specify additional policy settings to copy the snapshot to the IBM Spectrum® Protect Plus vSnap server or directly to a cloud storage system.

Using a cloud storage system as primary storage
If you plan to copy data directly to a cloud storage system, the cloud target must have a defined backup object storage bucket. For instructions about adding a cloud storage provider, see Managing cloud storage.
The following cloud storage systems are supported for container workloads:
  • Amazon Simple Storage Service (Amazon S3)
  • IBM Cloud® Object Storage
  • Microsoft Azure Blob storage
  • S3 compatible storage
Limitations:
  • For IBM Cloud Object Storage, support for retention-enabled vaults is not available.
  • For S3 compatible storage, generic S3 support is based on external certification processes. For the list of supported S3 compatible providers, see technote 1087149.
Using the vSnap server as primary storage

If you copy data to the vSnap server, additional options are available to replicate the vSnap server and to copy the data to a secondary backup storage provider that is a cloud storage system or a repository server. For snapshots that are copied directly to cloud storage, replication and secondary backup storage options are not available.

If you plan to copy data to a vSnap server, take the following actions:
  • To copy data from a vSnap server to secondary storage, such as a cloud storage system or repository server, ensure that the secondary storage is configured. For information about the secondary storage systems that are supported and for configuration instructions, see Managing backup storage.
  • To archive data from a vSnap server to a cloud storage system, the cloud target must have a defined archive bucket. To add an archive bucket for a cloud storage system, follow the instructions in Managing cloud storage.
If you plan to copy data to a vSnap server, take the following actions:
  • If you plan to copy data from a vSnap server to secondary storage, such as a cloud storage system or repository server, ensure that the secondary storage is configured. For information about the auxiliary storage systems that are supported and for configuration instructions, see Managing backup storage
  • If you plan to archive data from a vSnap server to a cloud storage system, the cloud target must have a defined archive bucket. To add an archive bucket for a cloud storage system, follow the instructions in Managing cloud storage.

About this task

You can create custom SLA policies if you do not want to use the predefined Container policy. The Container policy initiates the following operations:
  • Snapshot backup operations every 6 hours with a retention period of 1 day
  • Copy backup operations daily with a retention period of 31 days

A snapshot is required in a container backup operation. When a scheduled backup job runs, a snapshot of the persistent volume claim (PVC) is created on your storage system at the frequency that is defined by the snapshot policy. You can specify additional policy settings to copy the snapshot to the IBM Spectrum Protect Plus vSnap server, replicate the vSnap server, or copy the data to object storage in the cloud or to a repository server.

If a PVC is associated with multiple SLA policies, ensure that the policies that you create are not scheduled to run concurrently. Either schedule the SLA policies to run with a significant amount of time between them, or combine them into a single SLA policy.

Procedure

To create an SLA policy for your PVCs, complete the following steps:

  1. In the navigation panel, click Manage Protection > Policy Overview.
  2. Click Add SLA Policy to open the Add policy wizard.
  3. Select Containers in the Category list.
  4. Click Tiered snapshot and then click Next.
    The SLA policy options are displayed on the Policy rules page.
  5. Complete the following options on the page and then click Next.
    1. Enter a name that provides a meaningful description of the SLA policy.
    2. Optional: Select Disable all schedules to create the SLA policy without defining a frequency or start time. Policies that are created without a schedule can be run on demand.

      If you plan to enable the Backup Policy section for copy backup operations to a vSnap server or object storage, do not select this checkbox. If you select the checkbox, no snapshots will be available for copying to the vSnap server or cloud object storage.

    3. In the Snapshot Protection section, set the following options for snapshot operations:
      Retention
      Specify the retention period for the snapshots.
      Disable Schedule
      Select this checkbox to create the snapshot policy without defining a frequency or start time. Policies that are created without a schedule can be run on demand.
      If you plan to enable the Backup Policy section for copy backup operations to a vSnap server or object storage, do not select this checkbox. If you select the checkbox, no snapshots will be available for copying to the vSnap server or cloud object storage.
      Repeats
      Enter a frequency for snapshot operations. Select Subhourly, Hourly, Daily, Weekly, Monthly, or Yearly. When Weekly is selected, you can select one or more days of the week. The specified start time applies to the selected days of the week.
      Start Time
      Enter the date and time when you want the snapshot operation to start.
      The time zone is automatically populated with your browser settings. To update the time zone, click the field and select a region and city from the list, for example: Europe/Dublin. You can also click the field and enter a region or city in the Search field, and select an item from the matching results.
      Snapshot Prefix
      Enter a prefix to add to the beginning of snapshot names. You can add a prefix to snapshot names to help you organize and easily identify snapshots.
      You can enter up to 32 characters for the prefix.
      For example, if you entered the prefix "daily", all snapshot names that are created with this SLA policy will begin with "daily".
    4. In the Backup Policy section, set the following options for copy backup operations to the vSnap server or to cloud storage:
      Backup Storage vSnap
      Select this checkbox to enable copy backup operations to the vSnap server or to cloud storage. For copy backups to vSnap servers, these operations occur on the vSnap servers that are defined on the System Configuration > Storage > vSnap Servers page. For backup operations to cloud storage, the operations occur on the cloud storage system that is defined on the System Configuration > Storage > Cloud page.
      Retention
      Specify the retention period for the copy backups on the vSnap server or cloud storage.
      Disable Schedule
      Select this checkbox to create the backup policy without defining a frequency or start time. Policies that are created without a schedule can be run on demand.
      Repeats
      Enter a frequency for snapshot operations. Select Subhourly, Hourly, Daily, Weekly, Monthly, or Yearly. When Weekly is selected, you can select one or more days of the week. The specified start time applies to the selected days of the week.
      Start Time
      Enter the date and time when you want the copy backup operation to start.
      Tip: Allot time for the snapshot backup to complete before starting the copy backup operation. For example, if the snapshot operation starts at midnight (0:00), set the copy backup operation to start 15 minutes later, at 00:15.
      The time zone is automatically populated with your browser settings. To update the time zone, click the field and select a region and city from the list, for example: Europe/Dublin. You can also click the field and enter a region or city in the Search field, and select an item from the matching results.
      Target Site
      Select the target site for backup copies.
      Table 1. Target storage types
      Target Storage Type Target
      Site Select Primary, Secondary, or Replication to configure a vSnap server as the primary site, secondary site, or site for replication.

      A site can contain one or more vSnap servers. If more than one vSnap server is in a site, the IBM Spectrum Protect Plus server manages data placement in the vSnap servers.

      Only sites that are associated with a vSnap server are shown in this list. Sites that are added to IBM Spectrum Protect Plus but are not associated with a vSnap server are not shown.
      Object Storage Select an available cloud storage system as the primary site for storage. A target cloud storage system is available only if you configured your cloud storage as described in Managing cloud storage.
      Limitations:
      • For IBM Cloud Object Storage, support for retention-enabled vaults is not available.
      • For S3 compatible storage, generic S3 support is based on external certification processes. For the list of supported S3 compatible providers, see technote 1087149.
      Complete the following fields:
      Use existing access key
      Enable this option to select a previously specified encryption passphrase for the storage, and then select the key from the Select a key list.
      Backup encryption passphrase name
      If you do not use an existing encryption passphrase, enter a meaningful name to help identify the passphrase.
      Backup encryption passphrase
      Enter a passphrase to encrypt your backups on the cloud storage.
      Only use encrypted disk storage
      If your environment includes encrypted and unencrypted servers, select this checkbox to back up data to encrypted vSnap servers. This option does not apply to object storage.
      Restriction: If this option is selected, but no encrypted vSnap servers are available, the associated job fails.
    5. Under Replication Policy, set the following options to enable asynchronous replication from one vSnap server to another. For example, you can replicate data from the primary to the secondary backup site.
      Replication partnerships requirement: These options apply to established replication partnerships. To add a replication partnership, see the instructions in Configuring backup storage partners.
      Backup Storage vSnap Replication
      Select this option to enable replication.
      This option is enabled only when Backup Policy is selected and when the target storage type is Site. This option is not available if the target storage type is Object Storage.
      Disable Schedule
      Select this checkbox to create the replication policy without defining a frequency or start time.
      Repeats
      Enter a frequency for snapshot operations. Select Subhourly, Hourly, Daily, Weekly, Monthly, or Yearly. When Weekly is selected, you can select one or more days of the week. The specified start time applies to the selected days of the week.
      Start Time
      Enter the date and time that you want the replication operation to start.
      The time zone is automatically populated with your browser settings. To update the time zone, click the field and select a region and city from the list, for example: Europe/Dublin. You can also click the field and enter a region or city in the Search field, and select an item from the matching results.
      Target Site
      Select the target site for replicating data.
      A site can contain one or more vSnap servers. If more than one vSnap server is in a site, the IBM Spectrum Protect Plus server manages data placement in the vSnap servers.
      Only sites that are associated with a vSnap server are shown in this list. Sites that are added to IBM Spectrum Protect Plus but are not associated with a vSnap server are not shown.
      Only use encrypted disk storage
      Select this option to replicate data to encrypted vSnap servers when your environment includes encrypted and unencrypted servers.
      Restriction: If this option is selected, but no encrypted vSnap servers are available, the associated job fails.
      Same retention as source selection
      Select this option to use the same retention policy as the source vSnap server. To set a different retention policy, clear this option and set a different policy.
    6. In the Additional copies section, set the options to copy data to standard object storage or archive object storage.

      When copying data from a vSnap server to cloud storage, the most recent successfully completed snapshot is copied.

      Standard object storage (incremental copy)
      This option is enabled only when Backup Policy is selected and when the target storage type is Site. This option is not available if the target storage type is Object Storage.
      Data is backed up to the vSnap server for short-term protection, and then copied to the selected cloud storage or repository server for longer-term protection. During the first copy of a backup volume, the snapshot is backed up in full. After the first copy of the base snapshot is completed, subsequent copies are incremental and capture cumulative changes since the last copy. Cloud or repository server restore operations can be performed from any vSnap server.
      Disable Schedule
      Select this checkbox to create the copy policy without defining a frequency or start time.
      Repeats
      Enter a frequency for snapshot operations. Select Subhourly, Hourly, Daily, Weekly, Monthly, or Yearly. When Weekly is selected, you can select one or more days of the week. The specified start time applies to the selected days of the week.
      Start Time
      Enter the date and time that you want the copy operation to start.
      The time zone is automatically populated with your browser settings. To update the time zone, click the field and select a region and city from the list, for example: Europe/Dublin. You can also click the field and enter a region or city in the Search field, and select an item from the matching results.
      Same retention as source selection
      Select this option to use the same retention policy as the source vSnap server. To set a different retention policy, clear this option and set a different policy.
      Restriction: Copy retention options are unavailable if a server that uses Write Once Read Many (WORM) retention is selected in the Target field.
      Source
      Click the source for the copy operation:
      Backup Policy Destination
      The source for the copy operation is the target site that is defined in the Backup Policy section.
      Replication Policy Destination
      The source for the copy operation is the target site that is defined in the Replication Policy section.
      This option is enabled only when Backup Storage Replication is selected.
      Destination
      Click Cloud services or Repository servers.
      Target
      Click the cloud storage system or repository server to which you want to copy data.
      This list contains the secondary storage systems that you added to IBM Spectrum Protect Plus.
      Archive object storage (full copy)
      Select this option to archive data to cloud storage or to a repository server for long-term protection. This option is enabled only when Backup Policy is selected.
      This operation provides a full image copy to the selected archival storage.
      Disable Schedule
      Select this checkbox to create the archive policy without defining a frequency or start time.
      Repeats
      Enter a frequency for snapshot operations. Select Subhourly, Hourly, Daily, Weekly, Monthly, or Yearly. When Weekly is selected, you can select one or more days of the week. The specified start time applies to the selected days of the week.
      Start Time
      Enter the date and time that you want the archive operation to start.
      The time zone is automatically populated with your browser settings. To update the time zone, click the field and select a region and city from the list, for example: Europe/Dublin. You can also click the field and enter a region or city in the Search field, and select an item from the matching results.
      Retention
      Specify the retention period for the archive snapshots as a unit of time in days, months, or years.
      Source
      Click the source for the archive destination:
      Backup Policy Destination
      The source for the archive operation is the target site that is defined in the Backup Policy section.
      Replication Policy Destination
      The source for the archive operation is the target site that is defined in the Replication Policy section.
      This option is enabled only when Backup Storage Replication is selected.
      Destination
      Click Cloud services or Repository servers.
      Target
      Click the cloud storage system or repository server to which you want to archive data.
      Only cloud targets that have a defined archive bucket are shown in this list.
  6. Review your selections, and then click Submit.
    The SLA policy that you created is displayed in the table in the SLA Policies pane.

What to do next

After you create an SLA policy, take the following actions: