Release notes
Create a backup relationship for a new bucket (cloud target)
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
When you create new S3 buckets, you can back them up immediately to an SnapMirror S3 target bucket on an object store provider, which can be a StorageGRID system or an Amazon S3 deployment.
-
You have valid account credentials and configuration information for the object store provider.
-
Intercluster network interfaces and an IPspace have been configured on the source system.
-
• The DNS configuration for the source storage VM must be able to resolve the target’s FQDN.
-
Edit the storage VM to add users, and to add users to groups:
-
Click Storage > storage VMs, click the storage VM, click Settings and then click
under S3.See Add S3 users and groups for more information.
-
-
Add a Cloud Object Store on the source system:
-
Click Protection > Overview, then select Cloud Object Stores.
-
Click Add, then select Amazon S3 or StorageGRID.
-
Enter the following values:
-
Cloud object store name
-
URL style (path or virtual-hosted)
-
storage VM (enabled for S3)
-
Object store server name (FQDN)
-
Object store certificate
-
Access key
-
Secret key
-
Container (bucket) name
-
-
-
Create an SnapMirror S3 policy if you don't have an existing one and you don't want to use the default policy:
-
Click Protection > Overview, and then click Local Policy Settings.
-
Click
next to Protection Policies, then click Add.-
Enter the policy name and description.
-
Select the policy scope, cluster or SVM
-
Select Continuous for SnapMirror S3 relationships.
-
Enter your Throttle and Recovery Point Objective values.
-
-
-
Create a bucket with SnapMirror protection:
-
Click Storage > Buckets, then click Add.
-
Enter a name, select the storage VM, enter a size, then click More Options.
-
Under Permissions, click Add. Verifying permissions is optional but recommended.
-
Principal and Effect: Select values corresponding to your user group settings or accept the defaults.
-
Actions: Make sure the following values are shown:
GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts
-
Resources: Use the defaults
_(bucketname, bucketname/*)or other values you need.See Manage user access to buckets for more information about these fields.
-
-
Under Protection, check Enable SnapMirror (ONTAP or Cloud), select Cloud Storage, then select the Cloud Object Store.
-
When you click Save, a new bucket is created in the source storage VM, and it is backed up to the cloud object store.
-
If this is the first SnapMirror S3 relationship for this SVM, verify that root user keys exist for both source and destination SVMs and regenerate them if they do not:
vserver object-store-server user show
Confirm that there is an access key for the root user. If there is not, enter:
vserver object-store-server user regenerate-keys -vserver svm_name -user root
Do not regenerate the key if one already exists. -
Create a bucket in the source SVM:
vserver object-store-server bucket create -vserver svm_name -bucket bucket_name [-size integer[KB|MB|GB|TB|PB]] [-comment text] [additional_options] -
Add access rules to the default bucket policy:
vserver object-store-server bucket policy add-statement -vserver svm_name -bucket bucket_name -effect {allow|deny} -action object_store_actions -principal user_and_group_names -resource object_store_resources [-sid text] [-index integer]ExampleclusterA::> vserver object-store-server bucket policy add-statement -bucket test-bucket -effect allow -action GetObject,PutObject,DeleteObject,ListBucket,GetBucketAcl,GetObjectAcl,ListBucketMultipartUploads,ListMultipartUploadParts -principal - -resource test-bucket, test-bucket /*
-
Create an SnapMirror S3 policy if you don’t have an existing one and you don’t want to use the default policy:
snapmirror policy create -vserver svm_name -policy policy_name -type continuous [-rpo integer] [-throttle throttle_type] [-comment text] [additional_options]Parameters:
*type continuous– the only policy type for SnapMirror S3 relationships (required).
*-rpo– specifies the time for recovery point objective, in seconds (optional).
*-throttle– specifies the upper limit on throughput/bandwidth, in kilobytes/seconds (optional).ExampleclusterA::> snapmirror policy create -vserver vs0 -type continuous -rpo 0 -policy test-policy
-
If the target is a StorageGRID system, install the StorageGRID CA server certificate on the admin SVM of the source cluster:
security certificate install -type server-ca -vserver src_admin_svm -cert-name storage_grid_server_certificateLearn more about
security certificate installin the ONTAP command reference. -
Define the SnapMirror S3 destination object store:
snapmirror object-store config create -vserver svm_name -object-store-name target_store_name -usage data -provider-type {AWS_S3|SGWS} -server target_FQDN -container-name remote_bucket_name -is-ssl-enabled true -port port_number -access-key target_access_key -secret-password target_secret_keyParameters:
*-object-store-name– the name of the object store target on the local ONTAP system.
*-usage– usedatafor this workflow.
*-provider-type–AWS_S3andSGWS(StorageGRID) targets are supported.
*-server– the target server’s FQDN or IP address.
*-is-ssl-enabled–enabling SSL is optional but recommended.
Learn more aboutsnapmirror object-store config createin the ONTAP command reference.Examplesrc_cluster::> snapmirror object-store config create -vserver vs0 -object-store-name sgws-store -usage data -provider-type SGWS -server sgws.example.com -container-name target-test-bucket -is-ssl-enabled true -port 443 -access-key abc123 -secret-password xyz890
-
Create an SnapMirror S3 relationship:
snapmirror create -source-path svm_name:/bucket/bucket_name -destination-path object_store_name:/objstore -policy policy_nameParameters:
*-destination-path- the object store name you created in the previous step and the fixed valueobjstore.
You can use a policy you created or accept the default.Examplesrc_cluster::> snapmirror create -source-path vs0:/bucket/test-bucket -destination-path sgws-store:/objstore -policy test-policy
-
Verify that mirroring is active:
snapmirror show -policy-type continuous -fields status
