Release notes
Create a backup relationship for an existing bucket (cloud target)
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
You can begin backing up existing S3 buckets at any time; for example, if you upgraded an S3 configuration from a release earlier than ONTAP 9.10.1.
-
You have valid account credentials and configuration information for the object store provider.
-
Intercluster network interfaces and an IPspace have been configured on the source system.
-
The DNS configuration for the source storage VM must be able to resolve the target’s FQDN.
-
Verify that the users and groups are correctly defined:
Click Storage > storage VMs, click the storage VM, click Settings and then click
under S3.See Add S3 users and groups for more information.
-
Create an SnapMirror S3 policy if you don’t have an existing one and you don’t want to use the default policy:
-
Click Protection > Overview, and then click Local Policy Settings.
-
Click
next to Protection Policies, then click Add. -
Enter the policy name and description.
-
Select the policy scope, cluster or SVM
-
Select Continuous for SnapMirror S3 relationships.
-
Enter your Throttle and Recovery Point Objective values.
-
-
Add a Cloud Object Store on the source system:
-
Click Protection > Overview, then select Cloud Object Store.
-
Click Add, then select Amazon S3 or Others for StorageGRID Webscale.
-
Enter the following values:
-
Cloud object store name
-
URL style (path or virtual-hosted)
-
storage VM (enabled for S3)
-
Object store server name (FQDN)
-
Object store certificate
-
Access key
-
Secret key
-
Container (bucket) name
-
-
-
Verify that the bucket access policy of the existing bucket still meets your needs:
-
Click Storage > Buckets and then select the bucket you want to protect.
-
In the Permissions tab, click
Edit, then click Add under Permissions.-
Principal and Effect - select values corresponding to your user group settings or accept the defaults.
-
Actions - make sure the following values are shown:
GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts -
Resources - use the defaults
(bucketname, bucketname/*)or other values you need.See Manage user access to buckets for more information about these fields.
-
-
-
Back up the bucket using SnapMirror S3:
-
Click Storage > Buckets and then select the bucket you want to back up.
-
Click Protect, select Cloud Storage under Target, then select the Cloud Object Store.
-
When you click Save, the existing bucket is backed up to the cloud object store.
-
Verify that the access rules in the default bucket policy are correct:
vserver object-store-server bucket policy add-statement -vserver svm_name -bucket bucket_name -effect {allow|deny} -action object_store_actions -principal user_and_group_names -resource object_store_resources [-sid text] [-index integer]ExampleclusterA::> vserver object-store-server bucket policy add-statement -bucket test-bucket -effect allow -action GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts -principal - -resource test-bucket, test-bucket /*
-
Create an SnapMirror S3 policy if you don’t have an existing one and you don’t want to use the default policy:
snapmirror policy create -vserver svm_name -policy policy_name -type continuous [-rpo integer] [-throttle throttle_type] [-comment text] [additional_options]Parameters:
*type continuous– the only policy type for SnapMirror S3 relationships (required).
*-rpo– specifies the time for recovery point objective, in seconds (optional).
*-throttle– specifies the upper limit on throughput/bandwidth, in kilobytes/seconds (optional).ExampleclusterA::> snapmirror policy create -vserver vs0 -type continuous -rpo 0 -policy test-policy
-
If the target is a StorageGRID system, install the StorageGRID CA certificate on the admin SVM of the source cluster:
security certificate install -type server-ca -vserver src_admin_svm -cert-name storage_grid_server_certificateLearn more about
security certificate installin the ONTAP command reference. -
Define the SnapMirror S3 destination object store:
snapmirror object-store config create -vserver svm_name -object-store-name target_store_name -usage data -provider-type {AWS_S3|SGWS} -server target_FQDN -container-name remote_bucket_name -is-ssl-enabled true -port port_number -access-key target_access_key -secret-password target_secret_keyParameters:
*-object-store-name– the name of the object store target on the local ONTAP system.
*-usage– usedatafor this workflow.
*-provider-type–AWS_S3andSGWS(StorageGRID) targets are supported.
*-server– the target server’s FQDN or IP address.
*-is-ssl-enabled–enabling SSL is optional but recommended.
Learn more aboutsnapmirror object-store config createin the ONTAP command reference.Examplesrc_cluster::> snapmirror object-store config create -vserver vs0 -object-store-name sgws-store -usage data -provider-type SGWS -server sgws.example.com -container-name target-test-bucket -is-ssl-enabled true -port 443 -access-key abc123 -secret-password xyz890
-
Create an SnapMirror S3 relationship:
snapmirror create -source-path svm_name:/bucket/bucket_name -destination-path object_store_name:/objstore -policy policy_nameParameters:
*-destination-path- the object store name you created in the previous step and the fixed valueobjstore.
You can use a policy you created or accept the default.Examplesrc_cluster::> snapmirror create -source-path vs0:/bucket/buck-evp -destination-path sgws-store:/objstore -policy test-policy
-
Verify that mirroring is active:
snapmirror show -policy-type continuous -fields status
