Adding a Wasabi S3 cloud tier
To add a cloud storage group, complete the following steps:
- In the navigation menu, click Cloud Tier.
- In the Cloud pane, click Configure to add a cloud tier.
- In the Cloud Provider drop-down, select Wasabi S3.
- Provide a container name. This is the existing name of your container in your cloud platform.
- Enter your Connection String using one of the two methods below:
- Default - this option will compile your connection string into the correct format using the inputs below.
- Access key - The access key is typically 20 upper-case English characters
- Secret key - The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
- Region - The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
- Endpoint - If you are using VPC endpoints, enter the correct endpoint information.
- Custom - this option allows you to enter your connection string with additional parameters.
- Your connection string uses the following syntax:
"accesskey=<ABDCEWERS>;secretkey=< >; loglevel=warn; region=<aws-region>;"
Please note the following:
- The access key is typically 20 upper-case English characters
- The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
- The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
An example of a connection string with this syntax follows. Logically, each connection string is unique.
accesskey=AKIARERFUCFODHFJUCWK;secretkey=p+8/T+o5WeZkX11QbuPazHX1IdWbwgFplxuVlO8J;loglevel=warn;region=eu-central-1;
- To apply encryption, select Encryption and enter the following:
- Passphrase — the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.
|
IMPORTANT: It is mandatory to define a passphrase to enable encryption. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable. If this passphrase is lost or forgotten, data in the cloud will be unrecoverable. |
- Confirm Passphrase — re-enter the passphrase used above.
- Click Configure. A Cloud Storage Group will be created.
- To enable replication to the cloud, you must link a local container to the cloud using the procedures in Adding a Cloud Tiering policy.
Adding an S3 Compatible cloud tier
To add a cloud storage group, complete the following steps:
- In the navigation menu, click Cloud Tier.
- In the Cloud pane, click Configure to add a cloud tier.
- In the Cloud Provider drop-down, select S3 Compatible.
- Provide a container name. This is the existing name of your container in your cloud platform.
- Enter your Connection String using one of the two methods below:
- Default - this option will compile your connection string into the correct format using the inputs below.
- Access key - The access key is typically 20 upper-case English characters
- Secret key - The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
- Region - The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
- Endpoint - If you are using VPC endpoints, enter the correct endpoint information.
- Custom - this option allows you to enter your connection string with additional parameters.
- Your connection string uses the following syntax:
"accesskey=<ABDCEWERS>;secretkey=< >; loglevel=warn; region=<aws-region>;"
Please note the following:
- The access key is typically 20 upper-case English characters
- The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
- The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
An example of a connection string with this syntax follows. Logically, each connection string is unique.
accesskey=AKIARERFUCFODHFJUCWK;secretkey=p+8/T+o5WeZkX11QbuPazHX1IdWbwgFplxuVlO8J;loglevel=warn;region=eu-central-1;
- To apply encryption, select Encryption and enter the following:
- Passphrase — the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.
|
IMPORTANT: It is mandatory to define a passphrase to enable encryption. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable. If this passphrase is lost or forgotten, data in the cloud will be unrecoverable. |
- Confirm Passphrase — re-enter the passphrase used above.
- Click Configure. A Cloud Storage Group will be created.
- To enable replication to the cloud, you must link a local container to the cloud using the procedures in Adding a Cloud Tiering policy.
Adding a cloud tier through the command line
To add a cloud tier, complete the following steps.
-
- Access the QoreStor CLI. Refer to Using the QoreStor command line for more information.
- Add a new cloud tier using the command
cloud_tier --add --cloud_container <name> --cloud_provider <AWS-S3|AZURE|Wasabi-S3|S3-Compatible>
|
NOTE: You will be prompted to enter your Azure connection string or AWS access string after executing the command. |
Refer to the QoreStor Command LIne Reference Guide for more information on the cloud_tier command and available options.
Performing a recovery from the cloud
To recover your QoreStor configuration and cloud-replicated data from the cloud, perform the steps below. Before peforming these steps, make sure you have the following:
- A functional, properly licensed QoreStor server.
- The connection string for your cloud storage account. This is different depending on your cloud provider. Refer to the appropriate section below for more information.
To perform a disaster recovery
- On your QoreStor server, execute the recovery command
maintenance --disaster_recovery --cloud_string <name> --container_name <name> --cloud_provider_type <name> --passphrase <name> [--logfile <name>]
where
--cloud_string cloud connecion string.
--container_name cloud cotainer name.
--cloud_provider_type cloud provider type.
--passphrase passphrase.
--logfile log file path.
This will regenerate configuration data, initialize the QoreStor dictionary, and configure container namespace and blockmaps. When completed, you will see the message
Processing Datastores: Done
- After the data recovery process is complete, perform a filesystem repair with the command
maintenance --filesystem --repair_now
When the file system repair is finished, the process is complete.
Next steps
Depending on your configuration, there may be several steps required after recovering your QoreStor server. Some actions to consider are:
- If you are using QoreStor with NetVault Backup, you will need to add the new QoreStor as target device and add the container.
- Depnding on your DMA, you may need to reconfigure DMA or client connections to reference the new QoreStor server.
- Once a disaster recovery completes, the recovered source containers will be unencrypted. Before ingesting new data into the recovered containers, you must enabled encryption on the recovered storage groups.
|
NOTE:The recovered containers contain only stub files. The data remains encrypted in the cloud tier. |