Add FlashBlade backup location
Portworx Backup supports FlashBlade as backend on-premises storage infrastructure. You can add both object-locked and non-object locked S3 buckets based on FlashBlade as a backup location in the Portworx Backup web console.
Make sure that the following prerequisites are taken care before you add FlashBlade bucket as a backup target.
Prerequisites
-
Add a policy in FlashBlade console with the specified permissions:
-
For a non-object locked bucket, add a policy in the console with the following permissions enabled:
Bucket permissions Object permissions s3:createBucket
s3:GetBucketAcl
s3:ListAllMyBuckets
s3:ListBucket
s3:ListBucketMultipartUploads
s3:ListBucketVersions
s3:PutBucketVersioning
s3:GetLifecycleConfiguration
s3:PutLifecycleConfiguration
s3:GetObject
s3:GetObjectAcl
s3:GetObjectLockConfiguration
s3:GetObjectTagging
s3:GetObjectVersion
s3:GetObjectVersionTagging
s3:PutObject
s3:DeleteObject
s3:ListMultipartUploadParts
s3:AbortMultipartUpload
-
For an object-locked bucket, create a policy in FlashBlade console with the following permissions enabled:
Bucket permissions Object permissions s3:GetBucketAcl
s3:ListAllMyBuckets
s3:ListBucket
s3:ListBucketMultipartUploads
s3:ListBucketVersions
s3:PutLifecycleConfiguration
s3:GetObject
s3:GetObjectAcl
s3:GetObjectLegalHold
s3:GetObjectRetention
s3:GetObjectLockConfiguration
s3:GetObjectTagging
s3:GetObjectVersion
s3:GetObjectVersionTagging
s3:putObject
s3:PutObjectLegalHold
s3:PutObjectLockConfiguration
s3:PutObjectRetention
s3:DeleteObject
s3:ListMultipartUploadParts
s3:AbortMultipartUpload
-
-
Map the created policy with a FlashBlade user.
-
Generate the access keys.
-
Configure an S3 locked bucket in Flashblade with versioning enabled.
Now you are all set to add the FlashBlade-based object-locked and/or non-object locked bucket(s) as a backup location target in Portworx Backup.
Refer to Configure Portworx Backup with S3 object store (TLS enabled) for more information on how to configure Portworx Backup with a secure S3 compatible object store having a self-signed certificate.
Add FlashBlade Backup location
-
Make sure you have populated all the data in Step 3 of Add object store backup location and then add the backup location with those instructions.
noteServer-side encryption (SSE-S3) is not supported for Flashblade backup location.