English

Backing up data to Amazon S3

Contributors netapp-bcammett

Backup to S3 is an add-on service for Cloud Volumes ONTAP that delivers backup and restore capabilities for protection, and long-term archive of your cloud data. Backups are stored in an S3 bucket in your account, independent of volume Snapshot copies used for near-term recovery or cloning.

When you enable Backup to S3, the service performs a full backup of your data. All additional backups are incremental, which means that only changed blocks and new blocks are backed up. You can set the backup schedule to daily, or weekly, or monthly.

Note that you must use Cloud Manager for all backup and restore operations. Any actions taken directly from ONTAP or from Amazon S3 results in an unsupported configuration.

Quick start

Get started quickly by following these steps or scroll down to the remaining sections for full details.

Number 1 Verify support for your configuration

  • You’re running Cloud Volumes ONTAP 9.6 or later in AWS.

  • You have subscribed to the new Cloud Manager Marketplace offering.

  • The IAM role that provides Cloud Manager with permissions includes S3 permissions from the latest Cloud Manager policy.

  • Cloud Volumes ONTAP has a connection to S3 through a VPC Endpoint.

Number 2 Enable Backup to S3 on your new or existing system

  • New systems: Backup to S3 is enabled by default in the working environment wizard. Be sure to keep the option enabled.

  • Existing systems: Open the working environment, click the backup settings icon and enable backups.

    A screenshot that shows the Backup to S3 icon which is available after you open a working environment.

Number 3 If needed, modify the backup policy

The default policy backs up volumes every day and retains 30 backup copies of each volume. Change to weekly or monthly backups or change the number of backup copies to retain.

A screenshot that shows the Backup to S3 settings where you can enable or disable the feature and then choose your backup retention.

Number 4 Restore your data, as needed

At the top of Cloud Manager, click Backup & Restore, select a volume, select a backup, and then restore data from the backup to a new volume.

A screenshot of the restore icon for a backup after you select a volume.

Requirements

Read the following requirements to make sure that you have a supported configuration before you start backing up volumes to S3.

Supported ONTAP versions

Cloud Volumes ONTAP 9.6 and later.

Supported AWS regions

Backup to S3 is supported in all AWS regions where Cloud Volumes ONTAP is supported.

AWS subscription requirement

Starting with the 3.7.3 release, a new Cloud Manager subscription is available in the AWS Marketplace. This subscription enables deployments of Cloud Volumes ONTAP 9.6 and later (PAYGO) and Backup to S3. You need to subscribe to this new Cloud Manager subscription before you enable Backup to S3. Billing for Backup to S3 is done through this subscription.

AWS permissions required

The IAM role that provides Cloud Manager with permissions must include S3 permissions from the latest Cloud Manager policy.

Here are the specific permissions from the policy:

{
            "Sid": "backupPolicy",
            "Effect": "Allow",
            "Action": [
                "s3:DeleteBucket",
                "s3:GetLifecycleConfiguration",
                "s3:PutLifecycleConfiguration",
                "s3:PutBucketTagging",
                "s3:ListBucketVersions",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:ListAllMyBuckets",
                "s3:GetBucketTagging",
                "s3:GetBucketLocation",
                "s3:GetBucketPolicyStatus",
                "s3:GetBucketPublicAccessBlock",
                "s3:GetBucketAcl",
                "s3:GetBucketPolicy",
                "s3:PutBucketPublicAccessBlock"
            ],
            "Resource": [
                "arn:aws:s3:::netapp-backup-*"
            ]
        },
VPC Endpoint to S3

Ensure that Cloud Volumes ONTAP has a connection to S3 through a VPC Endpoint to the S3 service. For instructions, see AWS Documentation: Creating a Gateway Endpoint.

When you create the VPC Endpoint, be sure to select the region, VPC, and route table that corresponds to the Cloud Volumes ONTAP instance. You must also modify the security group to add an outbound HTTPS rule that enables traffic to the S3 endpoint. Otherwise, Cloud Volumes ONTAP cannot connect to the S3 service.

Enabling Backup to S3 on a new system

Backup to S3 is enabled by default in the working environment wizard. Be sure to keep the option enabled.

Steps
  1. Click Create Cloud Volumes ONTAP.

  2. Select Amazon Web Services as the cloud provider and then choose a single node or HA system.

  3. Fill out the Details & Credentials page.

  4. On the Services page, leave the service enabled and click Continue.

    Shows the Backup to S3 option in the working environment wizard.

  5. Complete the pages in the wizard to deploy the system.

Result

Backup to S3 is enabled on the system and backs up volumes every day and retains 30 backup copies. Learn how to modify backup retention.

Enabling Backup to S3 on an existing system

Enable Backup to S3 at any time directly from the working environment.

Steps
  1. Open the working environment.

  2. Click the backup settings icon.

    A screenshot that shows the Backup to S3 Settings icon which is available after you open a working environment.

  3. Select Automatically back up all volumes.

  4. Choose your backup retention and then click Save.

    A screenshot that shows the Backup to S3 settings where you can enable or disable the feature and then choose your backup retention.

Result

Backup to S3 starts taking the initial backups of each volume.

Changing the schedule and backup retention

The default policy backs up volumes every day and retains 30 backup copies of each volume. You can change to weekly or monthly backups and you can change the number of backup copies to retain.

A combination of daily, weekly, and monthly isn’t supported. You can choose daily, or weekly, or monthly.

Changing the backup policy affects all future backups. It doesn’t affect any previous backups that were created.
Steps
  1. Open the working environment.

  2. Click the backup settings icon.

    A screenshot that shows the Backup to S3 icon which is available after you open a working environment.

  3. Change the schedule and backup retention and then click Save.

    A screenshot that shows the Backup to S3 settings where you can enable or disable the feature and then choose backup retention.

Restoring a volume

When you restore data from a backup, Cloud Manager performs a full volume restore to a new volume. You can restore the data to the same working environment or to a different working environment that’s located in the same AWS account as the source working environment.

Steps
  1. At the top of Cloud Manager, click Backup & Restore.

  2. Select the volume that you want to restore.

    A screenshot of the Backup and Restore tab showing a volume that has backups.

  3. Find the backup that you want to restore from and click the restore icon.

    A screenshot of the restore icon for a backup after you select a volume.

  4. Select the working environment to which you want to restore the volume.

  5. Enter a name for the volume.

  6. Click Restore.

    A screenshot that shows the restore options: a working environment to restore to

Deleting backups

All backups are retained in S3 until you delete them from Cloud Manager. Backups are not deleted when you delete a volume or when you delete the Cloud Volumes ONTAP system.

At this time, you must use an API to delete a backup.

A screenshot of the delete backup API: /cbs/backups/delete

For more details about APIs, see the API Developer Guide.

Disabling Backup to S3

Disabling Backup to S3 disables backups of each volume on the system. Any existing backups will not be deleted.

Steps
  1. Open the working environment.

  2. Click the backup settings icon.

    A screenshot that shows the Backup to S3 icon which is available after you open a working environment.

  3. Disable Automatically back up all volumes and then click Save.

How Backup to S3 works

The following sections provide more information about Backup to S3.

Where backups reside

Backup copies are stored in an S3 bucket that Cloud Manager creates in your AWS account. The bucket is in the same region where the Cloud Volumes ONTAP system is located. There’s one S3 bucket per Cloud Volumes ONTAP system.

Cloud Manager names the bucket as follows: netapp-backup-clusteruuid

Be sure not to delete this bucket.

Cloud Manager enables the Amazon S3 Block Public Access feature on the S3 bucket.

S3 storage class

Backups start in the Standard storage class and transition to the Standard-Infrequent Access storage class after 30 days.

All supported volumes are backed up

When you enable Backup to S3, all supported volumes are the system are backed up to S3.

Backup to S3 can back up read-write volumes and data protection volumes.

Backups are incremental

After the initial full backup of your data, all additional backups are incremental, which means that only changed blocks and new blocks are backed up.

The backup policy is system wide

The schedule and number of backups to retain are defined at the system level. The setting affects all volumes on the system.

The backup schedule is daily, or weekly, or monthly

You can choose daily, or weekly, or monthly backups of all volumes. A combination of these backup frequency options isn’t supported.

Backups are taken at midnight

  • Daily backups start just after midnight each day.

  • Weekly backups start just after midnight on Sunday mornings.

  • Monthly backups start just after midnight on the first of each month.

At this time, you can’t schedule backup operations at a user specified time.

Backup copies are associated with your Cloud Central account

Backup copies are associated with the Cloud Central account in which Cloud Manager resides.

If you have multiple Cloud Manager systems in the same Cloud Central account, each Cloud Manager system will display the same list of backups. That includes the backups associated with Cloud Volumes ONTAP instances from other Cloud Manager systems.

Limitations

  • At this time, deleting backups is not supported from Cloud Manager.

    You should not delete the backups directly from S3.

  • Volumes that you create outside of Cloud Manager aren’t automatically backed up to S3.

    For example, if you create a volume from the ONTAP CLI, ONTAP API, or System Manager, then the volume won’t be automatically backed up.

    If you want to back up these volumes, you would need to disable Backup to S3 and then enable it again.

  • Backup to S3 can maintain up to 1,019 total backups of a volume.

  • WORM storage is not supported on a Cloud Volumes ONTAP system when backup to S3 is enabled.