How To
Summary
IBM Spectrum Protect Plus is a modern data protection solution for virtual environments, databases, and applications.
IBM Spectrum Protect Plus V10.1.3 introduces a new data offload capability that is ideal for long-term data storage and data compliance and provides an attractive storage option for disaster recovery and cyber resiliency.
Objective
This document provides step-by-step instructions on how to configure IBM Spectrum Protect Plus and configure the cloud object storage to take advantage of the new data offload capability.
-
Section 1: provides an overview of how to configure each supported cloud object storage provider so that it can be used with IBM Spectrum Protect Plus. For each supported cloud object storage provider see how to getting started as a backup provider:
-
Section 2: shows you how to specify data offload in an SLA using the configured cloud object storage provider
-
Sections 3 and Section 4: briefly discuss backup and recovery topics associated with data offload.
Environment
The following storage targets are available for offload backup operations:
-
Amazon S3 cloud storage
-
IBM Cloud Object Storage
-
IBM Cloud Object Storage with immutable object storage
-
Microsoft Azure Blob Storage (Hot and Cool Storage Tiers)
-
IBM Spectrum Protect server.
Use the links above to see how to configure the object storage as a backup storage provider
This figure illustrates data offload to a cloud platform:
Steps
Section 1: Create backup storage provider for cloud object storage
This section discusses provides an overview of how to configure the object storage so that it can be used with IBM Spectrum Protect Plus
-
Getting Started with Amazon Web Services S3 as a backup storage provider
This section provides a high-level overview of Amazon AWS processes and procedure needed to configure your S3 object storage account for use with IBM Spectrum Protect Plus. You are required to have a fully functional Amazon AWS account.
-
Before you begin:
Review the Offload Requirements: https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.3/spp/t_spp_cloud_s3_add.html
Refer to: Amazon Simple Storage Service Documentation for the most updated documentation for Amazon S3 storage system. -
Creating Cloud Bucket -Creating an AWS S3 Bucket:
To create an AWS S3 Bucket:-
Log into the AWS console with a user account that has administrative privileges. Type “S3” into the Find Services search bar and select S3 – Scalable Storage in the Cloud.
-
From the S3 page, click Create Bucket to display the Create bucket dialog box.
-
Enter a globally unique name for your bucket in the Bucket name field between 3 and 63 characters long, and which contains only lower-case characters, numbers, and dashes. Select the region closest to your company’s location.
-
Click Next to Configure options and keep all options unchecked. Note here that IBM Spectrum Protect Plus does not support Versioning or Lifecycle Management by AWS S3. All lifecycle management is maintained by IBM Spectrum Protect Plus and enabling Versioning or Lifecycle Management will cause loss of data.
-
Click Next to advance to Set Permissions and leave all options as default (all Recommended options should be checked).
-
Select Next to review your settings and then click Create Bucket.
-
-
Creating an IBM Spectrum Protect Plus user account:
To create a user account for S3 bucket access:-
Log into the AWS console with a user account that has administrative privileges. Type “iam” into the Find Services search bar and select IAM – Manage User Access and Encryption Keys.
-
Select Users from the Navigation Pane and click Add User.
-
Create a username and only check Programmatic access. Note that that this user account will not have access to the AWS console and usage is restricted only to S3 with a policy that gets attached to this user in the next step.
-
Click Next and select Attach existing policies directly. In the Filter policies text field, type “s3” to bring up several AWS managed policies. Select only AmazonS3FullAccess and click next to optionally add tags to the user account, and next again to review User details.
-
Click Create User. The user account should have been created successfully. Click Show under Secret Access key and keep this key and the Access key ID in a secure place such as an encrypted password manager. This will be the only time you can view the Secret Access key. If you lose this key, you will have to delete and create another access key from the user’s account page under the Security credentials tab.
-
In IBM Spectrum Protect Plus interface, select System Configuration>Backup Storage>Cloud and click Add Cloud.
-
Select Amazon S3 as the Provider. Create a unique Name to identify the cloud object storage within IBM Spectrum Protect Plus.
-
Enter the Region where you just created your S3 object storage.
-
Create a unique Key Name to identify your keys within IBM Spectrum Protect PlusCopy and paste the Access Key and Secret Key you created in S3.
-
Click the Get Buckets button and select the bucket name you just created in S3.
-
Finally click Register. You have successfully completed the steps necessary to set up Amazon S3 as a cloud object storage provider.
-
-
-
-
Getting started with Microsoft Azure Blob storage as a backup storage provider
This section provides a high-level overview on how to enable IBM Spectrum Protect Plus to offload data to Microsoft Azure Blob storage.
-
Before you begin:
Review the Offload Requirements: https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.3/spp/t_spp_cloud_azure_add.html
Refer to: Microsoft Azure for the most updated version of the Azure product documentation. -
Getting Started with Azure Storage Accounts:
To create a storage account within Azure:-
Type “storage accounts” and select Storage accounts.
-
Click the Add button to bring up the Create storage account dialog box. Select a resource group or create a new resource group for the new storage account.
-
Enter a name for your storage account and choose a region that is closest to your data source. Keep the other options at their default settings including the settings in the Advanced tab after you press Next.
-
Optionally create a tag for the new storage account and press Review+Create to review your settings. Verify your settings are similar to the settings below and then click Create.
-
You will see the deployment screen below, and a notification when the storage account is completely set up. You have successfully created a new storage account within Microsoft Azure.
-
To find your access keys for the storage account you just created, click on the storage account and select Access Keys. These are the access keys you will input into IBM Spectrum Protect Plus for offload to Microsoft Azure. Two keys are provided for the purpose of maintaining a connection if you need to regenerate the other key.
-
The final step is to create a Blob container. Select Blobs under Blob server in the navigation pane.
-
Click Container to bring up the New container dialog box and type a name for your storage container. Ensure the Public access level is set to Private (no anonymous access) and click OK. A storage account, which contains a blob container for offload use, should have been created successfully.
-
In IBM Spectrum Protect Plus interface, select System Configuration>Backup Storage>Cloud and click Add Cloud.
-
Select Microsoft Azure Blob Storage as the Provider.
-
Create a unique Name to identify the cloud object storage within IBM Spectrum Protect Plus.
-
Select the Endpoint appropriate to where you just created your blob container, for example, Microsoft Azure Global
-
Create a unique Key Name to identify your keys within IBM Spectrum Protect Plus
-
Copy and paste the Storage Account Name and Key you created in Azure.
-
Click the Get Buckets button and select the container name you just created in Azure.
-
Finally click Register. You have successfully completed the steps necessary to set up Microsoft Azure Blob Storage as a cloud object storage provider.
-
-
-
-
Getting started with IBM Cloud Object Storage as a backup storage provider
This section provides a high-level overview on how to enable IBM Spectrum Protect Plus to offload data to IBM Cloud.
-
Before you begin:
Review the Offload Requirements: https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.3/spp/t_spp_cloud_icos_add.html
Refer to: IBM Cloud Object Storage for more information. -
Getting Started with Cloud Object Storage:
To create a vault and bucket within IBM Cloud Object Storage:-
Select System>Vaults in the left sided navigation pane and then click Create Vault at the top right.
-
Select a Storage Pool to create a Custom Vault and click Continue at the top right.
-
Create a name for your custom vault and select the Configuration and Option values appropriate for your environment and click Save at the top right.
-
Select System>Access Pools and note the IP address under Device Summary. This will be the IP Address you will input into the Endpoint field in IBM Spectrum Protect Plus (example: https://10.X.X.2).
-
Select Security at the top. Under Accounts, select the account that will access the Endpoint.
-
Under Access Key Authentication, note your Access Key ID and Secret Access Key.
-
In IBM Spectrum Protect Plus interface, select System Configuration>Backup Storage>Cloud and click Add Cloud.
-
Select IBM Cloud Object Storage as the Provider.
-
Create a unique Name to identify the cloud object storage within IBM Spectrum Protect Plus.
-
Enter the Endpoint corresponding to the Access Pool in step #4 above in the form: https://x.x.x.x
-
Create a unique Key Name to identify your keys within IBM Spectrum Protect Plus
-
Copy and paste Access Key and Secret Key from the step above.
-
Copy and paste the Certificate from the IBM Cloud Object Storage Manager. The certificate can be found under Security->System Fingerprint by selecting the certificate authority link.
-
Click the Get Buckets button and select the container name you just created in IBM Cloud Object Storage.
-
Finally click Register. You have successfully completed the steps necessary to set up IBM Cloud Object Storage as a cloud object storage provider.
-
-
-
-
Getting started IBM Spectrum Protect as a repository server
In addition to standard object storage systems, IBM Spectrum Protect Plus also provides the ability to store data long-term in container storage pools on an IBM Spectrum Protect Server. This is done using the S3 protocol to provide the same integration with policies and workloads as offered with other object systems. For the current release of IBM Spectrum Protect Plus, the repository server must be an IBM Spectrum Protect server Version 8.1.7 or later.
This figure illustrates on IBM Spectrum Protect Offload to IBM Spectrum Protect
To manage a repository storage server, refer to: Managing repository server storage and Offloading data from IBM Spectrum Protect Plus
Section 2: Create SLA Policy
After you add an Amazon S3 , Microsoft Azure, or IBM Cloud Object Storage storage provider, associate the cloud storage with the SLA policy used for the backup job by using the IBM Spectrum Protect Plus user interface.
-
To create or modify an existing SLA policy refer to: Managing SLA policies for backup operations
Section 3: Offload data to cloud object storage
During the first offload of a backup volume, the snapshot is backed up in full. After the first offload of the base snapshot is completed, subsequent offloads are incremental and capture cumulative changes since the last offload.
-
For more details refer to: Protecting hypervisors and Protecting applications
-
To edit settings for cloud storage, refer to: Editing settings for cloud storage
-
To delete cloud storage, refer to Deleting cloud storage. Delete a cloud storage provider to reflect changes in your cloud environment. Ensure that the provider is not associated with any SLA policies before deleting the provider.
Section 4: Recover data from cloud object storage
When recovering offloaded data from cloud an offload pool is imported to a vSnap server and the cloud offload restore operation proceeds as if the selected snapshot was available locally. IBM Spectrum Protect Plus is used to restore the snapshots from a vSnap server to the original or alternate destination. Note that: Instant Disk restore jobs utilizing offloading are not supported.
-
Procedure: If restoring an offloaded cloud backup, the cloud resource or repository server must be registered on the alternate IBM Spectrum Protect Plus location.
-
To restore IBM Spectrum Protect Plus data, refer to: Protecting hypervisors and Protecting applications
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
19 March 2019
UID
ibm10873038