Remote Object Storage

Zadara VPSA provides built in backup and restore capabilities to Zadara Object Storage, AWS S3, Google Cloud Storage, Azure Blob Storage or any other S3 compatible object storage. The backup process involves transporting VPSA Snapshots to the remote Object Storage for safe keeping.

Backup to Object Storage (B2OS) allows you to store a backup of the VPSA volume on Object Storage and later restore it to its original VPSA or to any other VPSA in a different location with access to the same object storage bucket.

Connecting to Remote Object Storage

In order to back up your data to Object Storage you need to connect the VPSA to the Object Storage bucket (container). To do this you will need the following information:

  • Bucket/Container name

  • Access key ID

  • Secret access key

Note

  • In order to keep the data backed up ready for restore, the remote Object Storage bucket must not have any life-cycle policy (such as archiving to Glacier) as all backup objects are required for immediate restore.

  • For AWS-S3 the minimal S3 permissions required for the remote Object Storage bucket keys:

    • GetLifecycleConfiguration

    • GetObject

    • PutObject

    • List*

    • DeleteObject

Since public object storage, such as AWS S3, is on a public network and your VPSA is within your private cloud or local network, there are 2 options:

  • Connect via a public IP address (see Assigning Public IPs for assigning a public IP address)

  • Connect via a proxy server in your VPC that has access to the Internet

To connect to Remote Object Storage:

  1. Go to VPSA GUI > Remote Object Storage and click Connect.

  2. Select between Zadara Object Storage, AWS S3, Google Cloud Storage, Azure Blob Storage or Custom (S3 Compatible Object Storage).

  3. Enter the bucket/container name, access key and secret key.

  4. Select the connection method – via public IP, or the local management network.

  5. If needed, set-up a proxy server and provide the proxy IP address and port, as well as login credentials.

    Note

    For details about setting up the proxy server see this article: Setup Backup To S3 (B2S3) Through a Proxy In Your AWS VPC

    If the target Object Storage type is AWS S3, the following options are available:

    • Region - the target bucket AWS region (mandatory)

    • Ignore Lifecycle Policies - Could be checked in case Lifecycle cannot be disabled on the target bucket. (not recommended)

    • Use KMS Key ID - default KMS managed private key ID to be used for SSE (Server-Side Encryption). (optional)

  6. Press Submit.

Viewing Remote Object Storage properties

The Remote Object Storages details are shown in the following South Panel tabs:

Properties

Each Remote Object Storage includes the following properties:

Property

Description

ID

An internally assigned unique ID

Type

AWS S3, Google Cloud Storage, VPSA Object Storage or Custom

Endpoint

Location (region) of the object storage

Connect Via

The network used for the backup data transfer (Public IP or Management Network)

Bucket

The name of the S3 bucket used to store the backup data

Proxy IP

IP address of the proxy server

Proxy Port

Port used for the proxy connection (typically 3128)

KMS Key

(AWS S3) The KMS Key ID used for SSE

Allow Lifcycle Policies

Whether Lifecycle Policies are ignored for the target Bucket

Backup Jobs Tab - List of all backup jobs using the selected Remote Object Storage

Restore Jobs Tab - List of all restore jobs using the selected Remote Object Storage

Logs Tab - List of event log messages related to that Remote Object Storage