Introducing the QoreStor documentation
Introducing QoreStor
QoreStor data storage concepts
Setting up your QoreStor system
Data deduplication and compression
Encryption at rest
Streams and connections
Quotas
Secure connect
Replication
Performance Tiers
Cloud Tiering
Disaster Recovery from the cloud
Supported file system protocols
CIFS
NFS
Rapid NFS and Rapid CIFS benefits
Rapid NFS and Rapid CIFS
RDA with Quest's Netvault Backup and vRanger
RDA with OST for QoreStor
NDMP
iSCSI
QoreStor processes
Networking requirements
Configurations required when using proxy servers
Logging onto the system GUI for the first time
Configuring QoreStor with the Configuration Menu
Configuring QoreStor settings
Initial login and changing your password
Initial network configuration
Using the QoreStor Menu
QoreStor Administration
QoreStor Maintenance
QoreStor Statistics
Using the QoreStor UI
Using the QoreStor command line
Using the QoreStor Web Terminal
Using the QoreStor REST API
Licensing QoreStor
Configuring an SSL Certificate for your QoreStor System
Configuring Active Directory settings
Understanding system operation scheduling
Configuring Secure Connect
Managing containers
Enabling Secure Connect
Managing Secure Connect with plug-in 4.1.0.265 or later
Adding certificates for Secure Connect
Enabling MultiConnect
Configuring and using Rapid NFS and Rapid CIFS
Rapid NFS and Rapid CIFS benefits
Best practices: Rapid NFS
Best practices: Rapid CIFS
Installing the Rapid NFS plug-in
Installing the Rapid CIFS plug-in
Monitoring performance
Uninstalling the Rapid NFS plug-in
Uninstalling the Rapid CIFS plug-in
Configuring and using VTL
Understanding VTL
Terminology
Supported virtual tape library access protocols
VTL and DR Series specifications
Guidelines for configuring VTL
Configuring and Using Encryption at Rest
Understanding Encryption at Rest
Encryption at Rest Terminology
Encryption at rest and QoreStor considerations
Understanding the encryption process
Configuring email notification settings
Viewing containers
Creating a container
Managing storage groups
Creating an OST or RDS connection type container
Adding an NFS or CIFS connection type container
Creating a VTL type container
Adding a Cloud Tiering policy
Deleting a container
Viewing storage group information
Adding a storage group
Adding a Cloud storage group
Managing replications
Adding a cloud tier through the GUI
Performing a recovery from the cloud
Modifying a storage group
Deleting a storage group
Configuring a Performance Tier
Configuring additional storage
Adding a Microsoft Azure cloud tier
Adding an Amazon S3 cloud tier
Adding a Wasabi S3 cloud tier
Adding an S3 Compatible cloud tier
Adding a cloud tier through the command line
Guidelines and prerequisites for replication
Replication seeding
Viewing replication information
Adding replication relationships
Configuring replication schedules
Modifying replication relationships
Deleting replication relationships
Starting and stopping replication
Managing Users
Managing QoreStor Remotely
Getting Started With the Global View Cloud Portal
Registering QoreStor with the portal
Enabling Remote Management
Viewing and using the GlobalView page
Monitoring the QoreStor system
Using the Dashboard page
Viewing QoreStor statistics by using the CLI
Monitoring system alerts
Monitoring clients
Monitoring system events
Support, maintenance, and troubleshooting
Adding a Wasabi S3 cloud tier
Managing storage groups > Adding a Cloud storage group > Adding a cloud tier through the GUI > Adding a Wasabi S3 cloud tier
To add a cloud storage group, complete the following steps:
- In the navigation menu, click Cloud Tier.
- In the Cloud pane, click Configure to add a cloud tier.
- In the Cloud Provider drop-down, select Wasabi S3.
- Provide a container name. This is the existing name of your container in your cloud platform.
- Enter your Connection String using one of the two methods below:
- Default - this option will compile your connection string into the correct format using the inputs below.
- Access key - The access key is typically 20 upper-case English characters
- Secret key - The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
- Region - The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
- Endpoint - If you are using VPC endpoints, enter the correct endpoint information.
- Custom - this option allows you to enter your connection string with additional parameters.
- Your connection string uses the following syntax:
"accesskey=<ABDCEWERS>;secretkey=< >; loglevel=warn; region=<aws-region>;"
Please note the following:
- The access key is typically 20 upper-case English characters
- The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
- The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
An example of a connection string with this syntax follows. Logically, each connection string is unique.
accesskey=AKIARERFUCFODHFJUCWK;secretkey=p+8/T+o5WeZkX11QbuPazHX1IdWbwgFplxuVlO8J;loglevel=warn;region=eu-central-1;
- Your connection string uses the following syntax:
- Default - this option will compile your connection string into the correct format using the inputs below.
- To apply encryption, select Encryption and enter the following:
- Passphrase — the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.
IMPORTANT: It is mandatory to define a passphrase to enable encryption. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable. If this passphrase is lost or forgotten, data in the cloud will be unrecoverable.
- Confirm Passphrase — re-enter the passphrase used above.
- Passphrase — the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.
- Click Configure. A Cloud Storage Group will be created.
- To enable replication to the cloud, you must link a local container to the cloud using the procedures in Adding a Cloud Tiering policy.
Adding an S3 Compatible cloud tier
Managing storage groups > Adding a Cloud storage group > Adding a cloud tier through the GUI > Adding an S3 Compatible cloud tier
To add a cloud storage group, complete the following steps:
- In the navigation menu, click Cloud Tier.
- In the Cloud pane, click Configure to add a cloud tier.
- In the Cloud Provider drop-down, select S3 Compatible.
- Provide a container name. This is the existing name of your container in your cloud platform.
- Enter your Connection String using one of the two methods below:
- Default - this option will compile your connection string into the correct format using the inputs below.
- Access key - The access key is typically 20 upper-case English characters
- Secret key - The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
- Region - The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
- Endpoint - If you are using VPC endpoints, enter the correct endpoint information.
- Custom - this option allows you to enter your connection string with additional parameters.
- Your connection string uses the following syntax:
"accesskey=<ABDCEWERS>;secretkey=< >; loglevel=warn; region=<aws-region>;"
Please note the following:
- The access key is typically 20 upper-case English characters
- The secret key is generated automatically by AWS. It is typically 40 characters, including mixed upper and lower-case and special symbols.
- The region specifies the Amazon-specific region in which you want to deploy your backup solution. Your region name can be obtained from https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
An example of a connection string with this syntax follows. Logically, each connection string is unique.
accesskey=AKIARERFUCFODHFJUCWK;secretkey=p+8/T+o5WeZkX11QbuPazHX1IdWbwgFplxuVlO8J;loglevel=warn;region=eu-central-1;
- Your connection string uses the following syntax:
- Default - this option will compile your connection string into the correct format using the inputs below.
- To apply encryption, select Encryption and enter the following:
- Passphrase — the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.
IMPORTANT: It is mandatory to define a passphrase to enable encryption. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable. If this passphrase is lost or forgotten, data in the cloud will be unrecoverable.
- Confirm Passphrase — re-enter the passphrase used above.
- Passphrase — the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.
- Click Configure. A Cloud Storage Group will be created.
- To enable replication to the cloud, you must link a local container to the cloud using the procedures in Adding a Cloud Tiering policy.
Adding a cloud tier through the command line
Managing storage groups > Adding a Cloud storage group > Adding a cloud tier through the command line
To add a cloud tier, complete the following steps.
- Access the QoreStor CLI. Refer to Using the QoreStor command line for more information.
- Add a new cloud tier using the command
cloud_tier --add --cloud_container <name> --cloud_provider <AWS-S3|AZURE|Wasabi-S3|S3-Compatible>
NOTE: You will be prompted to enter your Azure connection string or AWS access string after executing the command.
Refer to the QoreStor Command LIne Reference Guide for more information on the cloud_tier command and available options.
Performing a recovery from the cloud
To recover your QoreStor configuration and cloud-replicated data from the cloud, perform the steps below. Before peforming these steps, make sure you have the following:
- A functional, properly licensed QoreStor server.
- The connection string for your cloud storage account. This is different depending on your cloud provider. Refer to the appropriate section below for more information.
To perform a disaster recovery
- On your QoreStor server, execute the recovery command
maintenance --disaster_recovery --cloud_string <name> --container_name <name> --cloud_provider_type <name> --passphrase <name> [--logfile <name>]
where
--cloud_string cloud connecion string.
--container_name cloud cotainer name.
--cloud_provider_type cloud provider type.
--passphrase passphrase.
--logfile log file path.
This will regenerate configuration data, initialize the QoreStor dictionary, and configure container namespace and blockmaps. When completed, you will see the message
Processing Datastores: Done
- After the data recovery process is complete, perform a filesystem repair with the command
maintenance --filesystem --repair_now
When the file system repair is finished, the process is complete.
Next steps
Depending on your configuration, there may be several steps required after recovering your QoreStor server. Some actions to consider are:
- If you are using QoreStor with NetVault Backup, you will need to add the new QoreStor as target device and add the container.
- Depnding on your DMA, you may need to reconfigure DMA or client connections to reference the new QoreStor server.
- Once a disaster recovery completes, the recovered source containers will be unencrypted. Before ingesting new data into the recovered containers, you must enabled encryption on the recovered storage groups.
NOTE:The recovered containers contain only stub files. The data remains encrypted in the cloud tier.