Skip to main content
Version: 2.8

Add FlashBlade backup location

Portworx Backup supports FlashBlade as backend on-premises storage infrastructure. You can add both object-locked and non-object locked S3 buckets based on FlashBlade as a backup location in the Portworx Backup web console.

Make sure that the following prerequisites are taken care before you add FlashBlade bucket as a backup target.

Prerequisites

  1. Add a policy in FlashBlade console with the specified permissions:

    • For a non-object locked bucket, add a policy in the console with the following permissions enabled:

      Bucket permissionsObject permissions
      • s3:createBucket
      • s3:GetBucketAcl
      • s3:ListAllMyBuckets
      • s3:ListBucket
      • s3:ListBucketMultipartUploads
      • s3:ListBucketVersions
      • s3:PutBucketVersioning
      • s3:GetLifecycleConfiguration
      • s3:PutLifecycleConfiguration
      • s3:GetObject
      • s3:GetObjectAcl
      • s3:GetObjectLockConfiguration
      • s3:GetObjectTagging
      • s3:GetObjectVersion
      • s3:GetObjectVersionTagging
      • s3:PutObject
      • s3:DeleteObject
      • s3:ListMultipartUploadParts
      • s3:AbortMultipartUpload

    • For an object-locked bucket, create a policy in FlashBlade console with the following permissions enabled:

      Bucket permissionsObject permissions
      • s3:GetBucketAcl
      • s3:ListAllMyBuckets
      • s3:ListBucket
      • s3:ListBucketMultipartUploads
      • s3:ListBucketVersions
      • s3:PutLifecycleConfiguration
      • s3:GetObject
      • s3:GetObjectAcl
      • s3:GetObjectLegalHold
      • s3:GetObjectRetention
      • s3:GetObjectLockConfiguration
      • s3:GetObjectTagging
      • s3:GetObjectVersion
      • s3:GetObjectVersionTagging
      • s3:putObject
      • s3:PutObjectLegalHold
      • s3:PutObjectLockConfiguration
      • s3:PutObjectRetention
      • s3:DeleteObject
      • s3:ListMultipartUploadParts
      • s3:AbortMultipartUpload

  2. Map the created policy with a FlashBlade user.

  3. Generate the access keys.

  4. Configure an S3 locked bucket in Flashblade with versioning enabled.

    Now you are all set to add the FlashBlade-based object-locked and/or non-object locked bucket(s) as a backup location target in Portworx Backup.

    Refer to Configure Portworx Backup with S3 object store (TLS enabled) for more information on how to configure Portworx Backup with a secure S3 compatible object store having a self-signed certificate.

Add FlashBlade Backup location

  • Make sure you have populated all the data in Step 3 of Add object store backup location and then add the backup location with those instructions.

    note

    Server-side encryption (SSE-S3) is not supported for Flashblade backup location.