Preparing to configure cloud-container storage pools for IBM Cloud Object Storage with S3 (on premises)

Before you configure cloud-container storage pools to use IBM Cloud Object Storage on premises with S3, you must set up an IBM Cloud Object Storage vault template and an IBM Cloud Object Storage user account, and then obtain configuration information.

About this task

Restriction:

To use IBM Cloud Object Storage on premises with S3, ensure that your version of IBM Cloud Object Storage is compatible with your version of IBM Spectrum® Protect.

For IBM Spectrum Protect Version 8.1.4 or later, IBM Cloud Object Storage V3.8.3 or later is required.

IBM Cloud Object Storage vaults are used in the same manner as containers in a cloud-container storage pool. Set up a vault template to quickly create vaults with your preferred settings.

After you create a vault template, use the credentials from your IBM Cloud Object Storage user account to configure the storage pools in the Operations Center or with the DEFINE STGPOOL command. The server uses the Simple Storage Service (S3) protocol to communicate with IBM Cloud Object Storage.

Tip: You can skip the first four steps in the procedure if you want to configure an existing vault by using the BUCKETNAME parameter in the DEFINE STGPOOL or UPDATE STGPOOL commands.

Procedure

  1. Create a vault template:
    1. Log in to IBM Cloud Object Storage and click the Configure tab.
    2. In the dsNet navigation pane, expand Storage Pools.
    3. Select the IBM Cloud Object Storage storage pool where you want to create the vault template, and click the Storage Pool link in the General section.
    4. In the Vault Templates section, click Create Vault Template.
    5. Select the settings for the default vault template. You might be able to optimize performance by not selecting the Enable SecureSlice Technology or the Name Index Enabled options, and selecting the Recovery Listing Enabled option.
    6. In the Deployment section, select the access pool or pools that you want to use for the template and click Save.
  2. Set the vault template as the default for your IBM Cloud Object Storage dsNet:
    1. Click the Configure tab.
    2. In the Default Vault Template Configuration section, click Configure.
    3. Select a vault template to use as the default, and click Update to set that template as the default.
  3. If this is your first time configuring a vault template, enable the vault provisioning role so you can create new vaults:
    1. Click the Administration tab.
    2. In the Provisioning API Configuration section, click Configure.
    3. Select Create Only or Create and Delete to let users create new vaults using the Provisioning API.
    4. Click Update to save the settings.
  4. Use an IBM Cloud Object Storage account with administration authority to create a user account on the IBM Cloud Object Storage instance in your environment. Ensure that the new user account has the Vault Provisioner role.
  5. Click the Security tab and select the new user account.
  6. Generate an access key for the new user:
    1. In the Access Key Authentication section, click Change Keys.
    2. On the Edit Access Keys page, click Generate New Access Key.
    3. Click Back.
  7. In the Access Key Authentication section, locate the Access Key ID and Secret Access Key values. Record the values so that you can use them when you configure storage pools.
  8. Locate the URL value:
    1. Click the Configure tab.
    2. In the dsNet navigation pane, expand the Devices and Accesser® sections.
    3. Select the IBM Cloud Object Storage Accesser. Verify that the Accesser belongs to an access pool to which the default vault template is deployed.
    4. In the Device Configuration section for the Accesser, record the IP Address value so that you can use it when you configure storage pools. Use http:// before the IP address value to prevent certificate security errors.
  9. If you configure storage pools by using the Add Storage Pool wizard in the Operations Center, use the following values for the parameters:
    • Cloud type: IBM Cloud Object Storage - S3 API
    • Access key ID: access_key_ID
    • Secret access key: secret_access_key
    • Bucket name: Use the default bucket name generated by the server, or specify a new bucket name.
    • URL: http://Cloud_Object_Storage_Accesser_IP_address
      Important: If you use more than one Accesser, type an Accesser IP address and then press Enter to add additional IP addresses. Use multiple Accessers or a load balancer for optimal performance.
  10. If you configure storage pools by using the DEFINE STGPOOL command, use the following values for the command parameters:
    • CLOUDTYPE: S3
    • IDENTITY: access_key_ID
    • PASSWORD: secret_access_key
    • CLOUDURL: http://Cloud_Object_Storage_Accesser_IP_address
      Tip: To optimize performance, use multiple Accessers. To use more than one IBM Cloud Object Storage Accesser, list the Accesser IP addresses separated by a vertical bar (|), with no spaces, enclosed by quotation marks, as in the following example:
      cloudurl="accesser_ur1|accesser_url2|accesser_url3"

What to do next

Configure cloud-container storage pools for IBM Cloud Object Storage by following the instructions in Configuring a cloud-container storage pool for data storage.