How to use the Backup Exec S3 Private Cloud Connector

How to use the Backup Exec S3 Private Cloud Connector

Article: 100038827
Last Published: 2021-08-10
Ratings: 0 1
Product(s): Backup Exec

Description

How to use the Backup Exec S3 Private Cloud Connector
 
The Backup Exec S3 Private Cloud Connector:
  • Allows customers to target backups to S3 Compatible private cloud storage servers
  • Prior versions only supported backups to public cloud providers such as Amazon and Google
  • Allows Backup Exec to add support for Amazon S3 Compatible storage system vendors
 
Backup Exec utilizes two encrypted files:
  • CloudProvider.xml – contains configuration information about supported cloud providers
  • CloudInstance.xml - contains cloud instance list and connection information, updated using BEMCLI
To connect Backup Exec storage to a private cloud:
  1. Private Cloud Storage server device environment must be configured.
  1. Private Cloud Storage server account configured for BE use:
User name = A Private Cloud Storage server S3 access key
Password = A Private Cloud Storage server secret key
  1. Storage bucket configured on storage server that meets BE naming requirements:
  • Bucket names can contain lowercase letters, numbers, and dashes
  • Bucket names cannot begin with a dash
  1. Run the New-BECloudInstance BEMCLI command to update CloudInstance.xml with connection information.
  2. Configure a Storage Device in BE Console.
For more information on supported private cloud storage providers, refer to the Backup Exec Hardware Compatibility List.
https://www.veritas.com/docs/000017788

Backup Exec Server Connection Requirements
  • Certificate Authority (CA) signed certificates on media server if SSL‑mode is used for backups
  • Backup Exec server must be able to ping and resolve the Private Cloud storage server
  • Backup Exec server time must be synchronized with Private Cloud storage server time
  • Sharing Private Cloud Storage devices in CAS/MBES environment is not supported
 
BEMCLI Commands for updating CloudInstance.xml:
 
Command Description
New-BECloudInstance Creates and configures a new cloud instance in CloudInstance.xml
Get-BECloudInstance Gets all of the private cloud instances configured in Backup Exec
Set-BECloudInstance Sets the properties for a Backup Exec cloud instance
Remove-BECloudInstance Removes a cloud instance configured in Backup Exec
Get-BECommand *cloudinstance* Displays the list of cloud instance related commands
 
Command:  New-BECloudInstance
 
Creates and configures a new cloud instance in Backup Exec.
 
Syntax:
New-BECloudInstance [-Name] [<String>] [-Provider] [<String>] [‑ServiceHost] [<String>] [-SslMode] {Disabled | AuthenticationOnly | Full} [-HttpsPort [<Int32>]] [-Endpoint [<String>]] [-HttpPort [<Int32>]] [‑UrlStyle {Unknown | Virtual | Path}] [-Confirm [<SwitchParameter>]] [‑WhatIf [<SwitchParameter>]] [<CommonParameters>]
 
Example:
New-BECloudInstance -Name "CloudInstance001" -Provider "cloudian" -ServiceHost "s3.cloudian.com" HttpPort="80" -HttpsPort="443" -SslMode “Disabled” –UrlStyle “Path”
 
Mandatory Parameters:
  • Name: Name of the new cloud instance. Cloud instance name should match BE naming requirement.
    • Instance names can contain letters, numbers, and dashes (or hyphens).
    • Instance names cannot begin with a dash (or a hypen).
  • Provider: Specifies the provider of the cloud instance. Only private cloud provider name can be specified.
  • ServiceHost: Specifies the service host of the cloud instance. ServiceHost should be unique for each cloud instance that is created on the server.
  • SslMode:  Specifies the SSL mode that Backup Exec will use for communication with the cloud storage server. The valid values are:
  • Disabled – Do not use ssl.
  • AuthenticationOnly – use ssl for authentication only.
  • Full – use ssl for authentication and data transfer also.
Note: Backup Exec supports only Certificate Authority (CA)-signed certificates while it communicates with cloud storage in the SSL mode. Ensure that the private cloud server has CA-signed certificate. If it does not have the CA-signed certificate, data transfer between Backup Exec and cloud provider may fail in the SSL mode. User may choose to opt out of SSL and set SSLMode as Disabled.
 
Optional Parameters:
  • UrlStyle - Specifies the URL style of the cloud instance.
The valid values are :
  • Unknown – do not set any value. Will default to Path.
  • Virtual - In a virtual-hosted–style URL, the bucket name is part of the domain name in the URL. For example: https://bucket.s3.amazonaws.com
If you are providing UrlStyle as Virtual for your cloud instance, ensure that you can ping and resolve the bucket name from a virtual hosted style URL. In a virtual-hosted–style URL, the bucket name is part of the domain name in the URL. For example: https://bucket.s3.amazonaws.com.In such case you should be able to resolve and connect to bucket.s3.amazonaws.com. You may want to add an entry in your DNS to resolve the bucket name in virtual style URL.
  • Path - In a path-style URL, the bucket name is not part of the domain (unless you use a region-specific endpoint). For example: US East (N. Virginia) region endpoint, https://s3.amazonaws.com/bucket.  
If you are providing UrlStyle as Path for your cloud instance, ensure that you can resolve and connect the service host from your Backup Exec Server. If not, please add an entry in windows host file to resolve the service host from your machine.
 
Ensure that the URL is getting resolved from media server. Media server is able to resolve and ping the cloud storage server.
 
  • HttpPort - Specifies the http port of the cloud instance. Default port is 80.
  • HttpsPort - Specifies the https port of the cloud instance. Default port is 443.
  • Endpoint – specifies the service endpoint.
 
Examples:
 
New-BECloudInstance -Name "CloudInstance001" -Provider "cloudian" -ServiceHost "s3.cloudian.com" HttpPort="80" -HttpsPort="443" –SslMode “Disabled” –UrlStyle “Path”
 
Above example command creates a cloud instance with name CloudInstance001 of type cloudian pointing to service host s3.cloudian.com. To access the bucket, uses Path style url and ssl mode is set as disabled. Http and https port are configured as 80 and 443.
 
New-BECloudInstance -Name "CloudInstance002" -Provider "cloudian" -ServiceHost "s3.my-cloudian.com"–SslMode “AuthenticationOnly” –UrlStyle “Path”
 
Above example command creates a cloud instance with name CloudInstance002 of type cloudian pointing to service host s3.my-cloudian.com. To access the bucket, uses Path style URL and ssl mode is set as AuthenticationOnly. Http and https port are not configured hence use default port number that is 80 and 443 respectively.

In context with the earlier example, change the Provider based on your private cloud storage server.
For more information on supported private cloud storage providers, refer to the Backup Exec Hardware Compatibility List.
https://www.veritas.com/docs/000017788
 
Command:  Get-BECloudInstance
 
Gets all of the custom (private) cloud instances configured in Backup Exec. Without parameters, Get-BECloudInstance gets all of the private cloud instances configured in Backup Exec. You can also specify a private cloud instance by instance name or pass a private cloud instance object through the pipeline to Get-BECloudInstance.
 
Parameters (Optional):
  • Name: Specifies one or more cloud instances by cloud instance name (wildcards accepted).
  • Id: Specifies one or more cloud instances by cloud instance ID (Guid). To specify multiple IDs, use commas to separate the IDs.
 
Example 1
C:\PS> Get-BECloudInstance
This command gets all of the private cloud instances.
 
Example 2
C:\PS> Get-BECloudInstance -Name "CloudInstance0001"
This command gets the private cloud instance named "CloudInstance0001".
 
Example 3
C:\PS> Get-BECloudInstance -Name "*CloudInstance*"
 
Command:  Set-BECloudInstance
 
Sets the properties for a Backup Exec cloud instance. You can modify all the settings, except the name and provider of an existing cloud instance.
 
Syntax
Set-BECloudInstance -InputObject [<BECloudInstance[]>] [-Endpoint [<String>]] [-HttpsPort [<Int32>]] [-SslMode {Disabled | AuthenticationOnly | Full}] [-ServiceHost [<String>]] [-HttpPort [<Int32>]] [-UrlStyle {Unknown | Virtual | Path}] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
 
Example:
C:\PS> Get-BECloudInstance "CloudInstance001" | Set-BECloudInstance -ServiceHost "s3.cloudian1.com"
These commands change the service host property of cloud instance named "CloudInstance001" to "s3.cloudian1.com".
 
Note:  You cannot update cloud instance to point to service host which is actually being attached to other cloud instance on the same Backup Exec Server.
 
For more information on supported private cloud storage providers, refer to the Backup Exec Hardware Compatibility List.
https://www.veritas.com/docs/000017788

Command:  Remove-BECloudInstance
 
Removes a cloud instance configured in Backup Exec. The cloud instance would be deleted only if there is no private cloud storage attached to the cloud instance.  If a user wants to delete the cloud instance, they must delete the private cloud storage devices associated with the cloud instance first and then delete the cloud instance.
 
Syntax
Remove-BECloudInstance -InputObject [<BECloudInstance[]>] [-PassThru [<SwitchParameter>]] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]
 
Example
 
C:\PS> Get-BECloudInstance "CloudInstanc001" | Remove-BECloudInstance
 
Note:  When you use the PassThru parameter, Remove-BECloudInstance returns an object that represents the cloud instance that was removed. Otherwise, this cmdlet does not generate any output.

Error Messages when Configuring a Cloud Instance
 
Error Message Reason/Solution
The service provider <name> is not customizable The service provider provided is not customizable, for example a public cloud provider such as Amazon.
Service host <name> is already attached to another cloud instance There is already a cloud instance on the server which points to the service host provided.
The cloud instance with name <name> does not exist Displayed when attempting to get a cloud instance with name that does not exists.
Ensure that the cloud instance name meets the Backup Exec naming requirements and the service provider XX is available Displayed when creating a cloud instance. Either the name of cloud instance is not matching BE naming convention or the private service provider is not qualified by BE.
The cloud instance <name> is attached to following cloud storage devices: <name>. Delete these devices before deleting the attached cloud instance. Displayed if there are storage devices configured for the cloud instance, and attempting to delete the instance. Delete the devices first and then delete the instance.
Unable to connect to the cloud storage device.  Ensure that the network is properly configured between the device and the Backup Exec server.
If the device is a private cloud storage device, Backup Exec does not support sharing a private cloud storage device across Backup Exec servers.
When trying to share the private cloud storage device from CAS to MMS or MMS to CAS or MMS1 to MMS2, then this error message is displayed. This scenario is not supported.

Was this content helpful?