IBM Support

Data offload to cloud object storage with IBM Spectrum Protect Plus

How To


Summary

IBM Spectrum Protect Plus is a modern data protection solution for virtual environments, databases, and applications.

IBM Spectrum Protect Plus V10.1.3 introduces a new data offload capability that is ideal for long-term data storage and data compliance and provides an attractive storage option for disaster recovery and cyber resiliency.

Objective

This document provides step-by-step instructions on how to configure IBM Spectrum Protect Plus and configure the cloud object storage to take advantage of the new data offload capability.

Environment

The following storage targets are available for offload backup operations:

  • Amazon S3 cloud storage

  • IBM Cloud Object Storage

  • IBM Cloud Object Storage with immutable object storage

  • Microsoft Azure Blob Storage (Hot and Cool Storage Tiers)

  • IBM Spectrum Protect server.

Use the links above to see how to configure the object storage as a backup storage provider

This figure illustrates data offload to a cloud platform:

OffloadCloudplatform

Steps

Section 1: Create backup storage provider for cloud object storage

This section discusses provides an overview of how to configure the object storage so that it can be used with IBM Spectrum Protect Plus
 

  • Getting Started with Amazon Web Services S3 as a backup storage provider

    This section provides a high-level overview of Amazon AWS processes and procedure needed to configure your S3 object storage account for use with IBM Spectrum Protect Plus. You are required to have a fully functional Amazon AWS account.

    • Before you begin:
      Review the Offload Requirements: https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.3/spp/t_spp_cloud_s3_add.html
      Refer to:  Amazon Simple Storage Service Documentation for the most updated  documentation for Amazon S3 storage system.

    • Creating Cloud Bucket -Creating an AWS S3 Bucket:
      To create an AWS S3 Bucket:

      1. Log into the AWS console with a user account that has administrative privileges. Type “S3” into the Find Services search bar and select S3 – Scalable Storage in the Cloud.

        GettingStartedwithAmazon1

      2. From the S3 page, click Create Bucket to display the Create bucket dialog box.

        GettingStartedwithAmazon2

      3. Enter a globally unique name for your bucket in the Bucket name field between 3 and 63 characters long, and which contains only lower-case characters, numbers, and dashes. Select the region closest to your company’s location.

      4. Click Next to Configure options and keep all options unchecked. Note here that IBM Spectrum Protect Plus does not support Versioning or Lifecycle Management by AWS S3. All lifecycle management is maintained by IBM Spectrum Protect Plus and enabling Versioning or Lifecycle Management will cause loss of data.

        GettingStartedwithAmazon4

      5. Click Next to advance to Set Permissions and leave all options as default (all Recommended options should be checked).

      6. Select Next to review your settings and then click Create Bucket.

    • Creating an IBM Spectrum Protect Plus user account:
      To create a user account for S3 bucket access:

      1. Log into the AWS console with a user account that has administrative privileges. Type “iam” into the Find Services search bar and select IAM – Manage User Access and Encryption Keys.

        GettingStartedwithAmazon1a

      2. Select Users from the Navigation Pane and click Add User.

        GettingStartedwithAmazon2a

      3. Create a username and only check Programmatic access. Note that that this user account will not have access to the AWS console and usage is restricted only to S3 with a policy that gets attached to this user in the next step.

        GettingStartedwithAmazon3a

      4. Click Next and select Attach existing policies directly. In the Filter policies text field, type “s3” to bring up several AWS managed policies. Select only AmazonS3FullAccess and click next to optionally add tags to the user account, and next again to review User details.

        GettingStartedwithAmazon4a
        GettingStartedwithAmazon4aa

      5. Click Create User. The user account should have been created successfully. Click Show under Secret Access key and keep this key and the Access key ID in a secure place such as an encrypted password manager. This will be the only time you can view the Secret Access key. If you lose this key, you will have to delete and create another access key from the user’s account page under the Security credentials tab.

        GettingStartedwithAmazon5a

      6. In IBM Spectrum Protect Plus interface, select System Configuration>Backup Storage>Cloud and click Add Cloud.

        1. Select Amazon S3 as the Provider. Create a unique Name to identify the cloud object storage within IBM Spectrum Protect Plus.

        2. Enter the Region where you just created your S3 object storage.

        3. Create a unique Key Name to identify your keys within IBM Spectrum Protect PlusCopy and paste the Access Key and Secret Key you created in S3.

        4. Click the Get Buckets button and select the bucket name you just created in S3.

        5. Finally click Register. You have successfully completed the steps necessary to set up Amazon S3 as a cloud object storage provider.
          GettingStartedwithAmazon6a

  • Getting started with Microsoft Azure Blob storage as a backup storage provider

    This section provides a high-level overview on how to enable IBM Spectrum Protect Plus to offload data to Microsoft Azure Blob storage.

    • Before you begin:
      Review the Offload Requirements: https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.3/spp/t_spp_cloud_azure_add.html
      Refer to: Microsoft Azure for the most updated version of the Azure product documentation.

    • Getting Started with Azure Storage Accounts:
      To create a storage account within Azure:

      1. Type “storage accounts” and select Storage accounts.

        GettingStartedwithAzure1

      2. Click the Add button to bring up the Create storage account dialog box. Select a resource group or create a new resource group for the new storage account.

        GettingStartedwithAzure2

      3. Enter a name for your storage account and choose a region that is closest to your data source. Keep the other options at their default settings including the settings in the Advanced tab after you press Next.

        GettingStartedwithAzure3

        GettingStartedwithAzure3a

      4. Optionally create a tag for the new storage account and press Review+Create to review your settings. Verify your settings are similar to the settings below and then click Create.

        GettingStartedwithAzure4

      5. You will see the deployment screen below, and a notification when the storage account is completely set up. You have successfully created a new storage account within Microsoft Azure.

        GettingStartedwithAzure5
        GettingStartedwithAzure5a

      6. To find your access keys for the storage account you just created, click on the storage account and select Access Keys. These are the access keys you will input into IBM Spectrum Protect Plus for offload to Microsoft Azure. Two keys are provided for the purpose of maintaining a connection if you need to regenerate the other key.

        GettingStartedwithAzure6

      7. The final step is to create a Blob container. Select Blobs under Blob server in the navigation pane.

        GettingStartedwithAzure7

      8. Click Container to bring up the New container dialog box and type a name for your storage container. Ensure the Public access level is set to Private (no anonymous access) and click OK. A storage account, which contains a blob container for offload use, should have been created successfully.

        GettingStartedwithAzure8
        GettingStartedwithAzure8a

      9. In IBM Spectrum Protect Plus interface, select System Configuration>Backup Storage>Cloud and click Add Cloud.

        1. Select Microsoft Azure Blob Storage as the Provider.

        2. Create a unique Name to identify the cloud object storage within IBM Spectrum Protect Plus.

        3. Select the Endpoint appropriate to where you just created your blob container, for example, Microsoft Azure Global

        4. Create a unique Key Name to identify your keys within IBM Spectrum Protect Plus

        5. Copy and paste the Storage Account Name and Key you created in Azure.

        6. Click the Get Buckets button and select the container name you just created in Azure.

        7. Finally click Register. You have successfully completed the steps necessary to set up Microsoft Azure Blob Storage as a cloud object storage provider.

          GettingStartedwithAzure9

  • Getting started with IBM Cloud Object Storage as a backup storage provider

    This section provides a high-level overview on how to enable IBM Spectrum Protect Plus to offload data to IBM Cloud.

    • Before you begin:
      Review the Offload Requirements: https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.3/spp/t_spp_cloud_icos_add.html
      Refer to: IBM Cloud Object Storage for more information.

    • Getting Started with Cloud Object Storage:
      To create a vault and bucket within IBM Cloud Object Storage:

      1. Select System>Vaults in the left sided navigation pane and then click Create Vault at the top right.

        GettingStartedwithIBMCOS

      2. Select a Storage Pool to create a Custom Vault and click Continue at the top right.

        GettingStartedwithIBMCOS 2

      3. Create a name for your custom vault and select the Configuration and Option values appropriate for your environment and click Save at the top right.

        GettingStartedwithIBMCOS 3

      4. Select System>Access Pools and note the IP address under Device Summary. This will be the IP Address you will input into the Endpoint field in IBM Spectrum Protect Plus (example: https://10.X.X.2).

        GettingStartedwithIBMCOS 4

      5. Select Security at the top. Under Accounts, select the account that will access the Endpoint.

        GettingStartedwithIBMCOS 5

      6. Under Access Key Authentication, note your Access Key ID and Secret Access Key.

        GettingStartedwithIBMCOS 6

      7. In IBM Spectrum Protect Plus interface, select System Configuration>Backup Storage>Cloud and click Add Cloud.

        1. Select IBM Cloud Object Storage as the Provider.

        2. Create a unique Name to identify the cloud object storage within IBM Spectrum Protect Plus.

        3. Enter the Endpoint corresponding to the Access Pool in step #4 above in the form: https://x.x.x.x

        4. Create a unique Key Name to identify your keys within IBM Spectrum Protect Plus

        5. Copy and paste Access Key and Secret Key from the step above.

        6. Copy and paste the Certificate from the IBM Cloud Object Storage Manager. The certificate can be found under Security->System Fingerprint by selecting the certificate authority link.

        7. Click the Get Buckets button and select the container name you just created in IBM Cloud Object Storage.

        8. Finally click Register. You have successfully completed the steps necessary to set up IBM Cloud Object Storage as a cloud object storage provider.

          GettingStartedwithIBMCOS 7

  • Getting started IBM Spectrum Protect as a repository server

    In addition to standard object storage systems, IBM Spectrum Protect Plus also provides the ability to store data long-term in container storage pools on an IBM Spectrum Protect Server. This is done using the S3 protocol to provide the same integration with policies and workloads as offered with other object systems. For the current release of IBM Spectrum Protect Plus, the repository server must be an IBM Spectrum Protect server Version 8.1.7 or later.

    This figure illustrates on IBM Spectrum Protect Offload to IBM Spectrum Protect

    SPPOffloadtoSP

    To manage a repository storage server, refer to: Managing repository server storage and Offloading data from IBM Spectrum Protect Plus
     

Section 2: Create SLA Policy

After you add an Amazon S3 , Microsoft Azure, or IBM Cloud Object Storage storage provider, associate the cloud storage with the SLA policy used for the backup job by using the IBM Spectrum Protect Plus user interface.

Section 3: Offload data to cloud object storage

During the first offload of a backup volume, the snapshot is backed up in full. After the first offload of the base snapshot is completed, subsequent offloads are incremental and capture cumulative changes since the last offload.

Section 4: Recover data from cloud object storage

When recovering offloaded data from cloud an offload pool is imported to a vSnap server and the cloud offload restore operation proceeds as if the selected snapshot was available locally. IBM Spectrum Protect Plus is used to restore the snapshots from a vSnap server to the original or alternate destination. Note that: Instant Disk restore jobs utilizing offloading are not supported.

  • Procedure:  If restoring an offloaded cloud backup, the cloud resource or repository server must be registered on the alternate IBM Spectrum Protect Plus location.

  • To restore IBM Spectrum Protect Plus data, refer to: Protecting hypervisors and Protecting applications
     

Document Location

Worldwide

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Component":"","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"V10.1.3","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
19 March 2019

UID

ibm10873038