Highlighted

Configuring Amazon S3 in China (Blog)

(This isn't a question, just documentation of how we fixed an issue I couldn't find an answer to online. I have no doubt all of this is in the Cloud Admin Guide, I just decided to take the long route and skip that part Man Embarassed )

My company has a handful of remote offices around the world, with two of them in different sites in China. In each of those China offices we run a 7.7.3 NetBackup Master Server, (Windows 2008), to back up local data to disk, and use SLP to replicate those images across the WAN to the other office for offsite protection. This has been working successfully for 3 years, but we've slowly been adding more data to these offices and can no longer do local backups AND crosssite replication without filling up the disk targets. We're using "borrowed storage" from another server to protect our offsite copies at the moment while we decide where to go next. 

One of our new initiative tests was to replicate to S3, but AmazonAWS has a separate China environment different from the amazonaws.com that the rest of the world can access, amazonaws.com.cn. Our Cloud Admin set up a new S3 instance in China without an issue, but the problem is the default Amazon cloud instance in NetBackup 7.7.3 is not customizable, and does not include the China Amazon region. The problem is the cloudprovider.xml file (C:\Program Files\Veritas\NetBackup\db\cloud) is locked and there are no commands available to add the China region to the Amazon plugin. 

I was able to get a new cloudprovider.xml from NetBackup support, but that was only because the tech working my case had one on his desktop from helping another customer. The actual solution to this, and any other provider that isn't a default Cloud option, is to contact the vendor and request the plugin directly from them. (You may need help combining customized instances with the new .xml but I didn't experience that so I don't know the procedure). 

Also, my device mappings were about a year old so I had to update that file as well. (https://sort.veritas.com/checklist/install/nbu_device_mapping)

After replacing the cloudprovider.xml and upgrading the device mappings I was able to see the amazonaws.com.cn instance and, (having already opened the firewall), connected the very first attempt. 

Firewall: source to s3-cn-north-1.amazonaws.com.cn

  • Bidirectional TCP: (5637, 80, 443)
4 Replies

Re: Configuring Amazon S3 in China (Blog)

Hello,

Thanks for the post. We have a similar issue where in our case the S3 is in IRELAND and has a different "s3-eu-west-1.amazonaws.com" URL than the standard URL s3.amazonaws.com. I am unable edit\add CloudProvider.xml or cldinstance in csconfig.

Is getting new CloudProvider.xml is the only way to configure new storage server in S3 in Non-US region?

Re: Configuring Amazon S3 in China (Blog)

Fleming_kris,

I can't confirm every step to set this up because we don't have buckets in that region, but eu-west-1 is one of the default regions in 7.7.3

If you run (...\bin\admincmd)

csconfig cldinstance -i -pt amazon -at S3

you should see all of the default regions for the "Amazon" instance, which includes Ireland (eu-west-1):

 

C:\Program Files\Veritas\NetBackup\bin\admincmd>csconfig cldinstance -i -pt amazon -at S3

        Cloud Instance Name                     : amazon.com
        Provider Type                           : amazon
        Service API Type                        : S3
        Service Host                            : s3.amazonaws.com
        Service Endpoint                        : <empty>
        Service HTTP Port                       : 80
        Service HTTPS Port                      : 443
        Service URL Style                       : Virtual Hosted Style
        Customizable                            : No
        Region  Name                            : US Standard
                Location Constraint             : <empty>
                Service Host                    : s3.amazonaws.com
        Region  Name                            : Asia Pacific (Tokyo)
                Location Constraint             : ap-northeast-1
                Service Host                    : s3-ap-northeast-1.amazonaws.com
        Region  Name                            : Asia Pacific (Singapore)
                Location Constraint             : ap-southeast-1
                Service Host                    : s3-ap-southeast-1.amazonaws.com
        Region  Name                            : Asia Pacific (Sydney)
                Location Constraint             : ap-southeast-2
                Service Host                    : s3-ap-southeast-2.amazonaws.com
        Region  Name                            : EU (Frankfurt)
                Location Constraint             : eu-central-1
                Service Host                    : s3-eu-central-1.amazonaws.com
        Region  Name                            : EU (Ireland)
                Location Constraint             : eu-west-1
                Service Host                    : s3-eu-west-1.amazonaws.com
        Region  Name                            : South America (Sao Paulo)
                Location Constraint             : sa-east-1
                Service Host                    : s3-sa-east-1.amazonaws.com
        Region  Name                            : US West (Northern California)
                Location Constraint             : us-west-1
                Service Host                    : s3-us-west-1.amazonaws.com
        Region  Name                            : US West (Oregon)
                Location Constraint             : us-west-2
                Service Host                    : s3-us-west-2.amazonaws.com
        Storage Server                          : amazon.com
                Use SSL                         : DATA
                Use Proxy                       : NONE
                Proxy IP                        : <NA>
                Proxy Port                      : <NA>
                Credentials Broker              : CREDS_PROMPT



Successfully fetched Cloud Instance(s)

 

csconfig  (NetBackup Command Reference Guide 7.7)

REF: Cloud Admin Guide 7.7.3

 

My understanding is you:

  1. Configure your Storage Server with your ID Key to service host s3.amazonaws.com
  2. Through either the Cloud Wizard or "Disk Pools > `right click` New Disk Pool"
    1. Select your Cloud Store
    2. Select "Add New Volume" 
      1. Add bucket and region through the drop down (see attachment)

 

 

As I said, I can't confirm this, but if you're at 7.7.3 and still can't add the regional bucket, then you may need the CloudProvider.xml

Re: Configuring Amazon S3 in China (Blog)

Thanks for the reply. We are at 7.7.2 with RHEL 7.2

 

Though csconfig cldinstance shows the EU-WEST-1 as one of the default regions, while creating the storage server we get only "s3.amazonaws.com" and "add Cloud storage" button below service host is greyed out.

We are able to telnet "s3-eu-west-1.amazonaws.com" at 443, 80 without an issue from eu-west instances and where as telent to s3.amazonaws.com fails. so, i was looking for a way to make netbackup to establish a connection manually to AWS at "s3-eu-west-1.amazonaws.com" instead of its default "s3.amazonaws.com"

** Telnet to s3.amazonaws.com is successful only from instances in Americas.

 

 

Re: Configuring Amazon S3 in China (Blog)

Fleming_kris,

You're almost there. You don't select the region just yet:

  1. Create the "Service host" as s3.amazonaws.com
  2. Storage server name amazon.com
  3. Enter access key ID
  4. Enter Secret access key
  5. Select "Next"
  6. Chose if you want encryption, (you'll need to have already configured KMS)
    1. If you upgrade to 7.7.3 you'll also have the option for compression in this stage
  7. Select "Next"

From here NetBackup will attempt to connect to to s3.amazonaws.com. If successful, the next step will look for your buckets. If the key ID you provided has access to the Ireland buckets you created, you may see your buckets here. If they are not an option, then select "Add New Volume", which is where you select your region.