The file server guided setup guides you through adding a file server and creating a backup plan to protect Amazon FSx for NetApp ONTAP files exported to CIFS.
Before You Begin
- To complete the setup wizard for the File Servers application, you will need the following information:
  - The host name of the Amazon FSx for NetApp ONTAP storage virtual machine (SVM)
  - Credentials the access node will use to access the SVM and create snapshots
  - Access node group or access node that will be used for backup
    - An access node group is a server group containing one or more access nodes.
  - Credentials the access node will use to access the SVM data via CIFS
- The required package can be installed on the access node(s) as part of the setup.
Start the Configuration Wizard
- From the Command Center navigation pane, go to Service catalog.
- In the Files tile, click Configure.
- Select Cloud File Shares, and then click Next.
- Select Amazon FSx for NetApp ONTAP as the cloud file share type.
- Click Next.
Configure Permissions
- From the Authentication method list, select the authentication type.
  Note
  - To use auto-scaled access nodes, you must use AWS STS AssumeRole authentication for discovery and backup of the SVM. If a discovery resource pool is configured in your environment, the authentication method is managed by the MSP, and you might not be required to explicitly select AWS STS AssumeRole authentication.
  - Auto-scaled access nodes require AWS STS AssumeRole authentication. If you select another authentication method, the auto-scale option is not available.
- Click the Launch the CloudFormation Stack link to open the AWS account in the AWS console.
  Note
  - If you do not have permission to create a role in the AWS account, copy the Launch the CloudFormation Stack link and share it with your AWS IAM administrator.
  - To use auto-scaled access nodes, verify that the CloudFormation template creates a CommvaultAdminRole with EC2 create/terminate permissions and any required marketplace permissions.
- Log on to the AWS console.
- Under Capabilities, read the information about the template, and then select the acknowledgment check box.
- Click Create stack.
  Wait for the CloudFormation Stack to finish creating the IAM role.
IAM roles and policies for FSx for NetApp ONTAP
The IAM role used during backup configuration depends on whether auto-scale prerequisites are configured and how discovery is set up.
- If auto-scale is enabled (scale manager is configured), CommvaultAdminRole is always used.
- If auto-scale is not enabled:
  - If a discovery resource pool is configured, CommvaultTenantRole will be created.
  - If a discovery resource pool is not configured, CommvaultAdminRole will be created.
- CommvaultAdminRole includes the following policies to support discovery, backup operations, and auto-scale:
  - CommvaultAdminRole-CVAutoScalePolicy
  - CommvaultAdminRole-DocDBPolicy
  - CommvaultAdminRole-DynamoDBPolicy
  - CommvaultAdminRole-EC2Policy
  - CommvaultAdminRole-FSPolicy
  - CommvaultAdminRole-FSxPolicy
  - CommvaultAdminRole-RDSPolicy
  - CommvaultAdminRole-RedshiftPolicy
  - CommvaultAdminRole-S3CloudLibPolicy
  - CommvaultAdminRole-S3Policy
  - CommvaultAdminRole-STSAssumePolicy
  - CommvaultAdminRole-VPCPolicy
- If you are not using auto-scale and a discovery resource pool is configured, CommvaultTenantRole includes the following policies:
  - CommvaultTenantRole-DocDBPolicy
  - CommvaultTenantRole-EC2Policy
  - CommvaultTenantRole-FSxPolicy
  - CommvaultTenantRole-RDSPolicy
  - CommvaultTenantRole-RedshiftPolicy
  - CommvaultTenantRole-S3Policy
  - CommvaultTenantRole-VPCPolicy
Note
CloudFormation templates may include policies for multiple workloads. You can remove unused policies if they are not required for your FSx for NetApp ONTAP environment.
Permissions required to discover Amazon FSx for NetApp ONTAP resources
- "fsx:DescribeFileSystems"
- "fsx:DescribeStorageVirtualMachines"
- "fsx:DescribeVolumes"
- "fsx:ListTagsForResource"
Permissions required to create and manage auto-scaled access nodes
- If auto-scale configurations are enabled, then the following additional permissions are required:
  - "ec2:AllocateAddress"
  - "ec2:AllocateIpamPoolCidr"
  - "ec2:AssociateAddress"
  - "ec2:DescribeAddresses"
  - "ec2:DescribeIpamPools"
  - "ec2:DisassociateAddress"
  - "ec2:ReleaseAddress"
  - "iam:ListInstanceProfilesForRole"
  - "s3:ListBucketMultipartUploads"
  - "ec2:DescribeIpams"
- After the stack is created, on the Outputs tab of the AWS console, copy the ExternalID and IAMRole key values.
- Return to the Commvault Cloud configuration wizard.
- From the Credential list, select existing credentials or create new credentials to discover the Amazon FSx for NetApp ONTAP cloud file share.
  Important
  The credentials must have an external ID and an IAM role ARN (the values that you copied from the Outputs tab of the AWS console in the preceding step):
  - If you select existing credentials, to verify that the credentials have an external ID and an IAM role ARN, click the edit button.
  - If you create new credentials, make sure to enter the external ID and the IAM role ARN.
- Click Next.
- From the Authentication method list, select the authentication type.
  Note
  - To use auto-scaled access nodes, you must use AWS STS AssumeRole authentication for discovery and backup of the SVM. If a discovery resource pool is configured in your environment, the authentication method is managed by the MSP, and you might not be required to explicitly select AWS STS AssumeRole authentication.
  - Auto-scaled access nodes require AWS STS AssumeRole authentication. If you select another authentication method, the auto-scale option is not available.
- Click the Launch the CloudFormation Stack link to open the AWS account in the AWS console.
  Note
  - If you do not have permission to create a role in the AWS account, copy the Launch the CloudFormation Stack link and share it with your AWS IAM administrator.
  - To use auto-scaled access nodes, verify that the CloudFormation template creates a CommvaultAdminRole with EC2 create/terminate permissions and any required marketplace permissions.
- Log on to the AWS console.
- Under Capabilities, read the information about the template, and then select the acknowledgment check box.
- Click Create stack.
  Wait for the CloudFormation Stack to finish creating the IAM role.
IAM roles and policies for FSx for NetApp ONTAP
The IAM role used during backup configuration depends on whether auto-scale prerequisites are configured and how discovery is set up.
- If auto-scale is enabled (scale manager is configured), CommvaultAdminRole is always used.
- If auto-scale is not enabled:
  - If a discovery resource pool is configured, CommvaultTenantRole will be created.
  - If a discovery resource pool is not configured, CommvaultAdminRole will be created.
- CommvaultAdminRole includes the following policies to support discovery, backup operations, and auto-scale:
  - CommvaultAdminRole-CVAutoScalePolicy
  - CommvaultAdminRole-DocDBPolicy
  - CommvaultAdminRole-DynamoDBPolicy
  - CommvaultAdminRole-EC2Policy
  - CommvaultAdminRole-FSPolicy
  - CommvaultAdminRole-FSxPolicy
  - CommvaultAdminRole-RDSPolicy
  - CommvaultAdminRole-RedshiftPolicy
  - CommvaultAdminRole-S3CloudLibPolicy
  - CommvaultAdminRole-S3Policy
  - CommvaultAdminRole-STSAssumePolicy
  - CommvaultAdminRole-VPCPolicy
- If you are not using auto-scale and a discovery resource pool is configured, CommvaultTenantRole includes the following policies:
  - CommvaultTenantRole-DocDBPolicy
  - CommvaultTenantRole-EC2Policy
  - CommvaultTenantRole-FSxPolicy
  - CommvaultTenantRole-RDSPolicy
  - CommvaultTenantRole-RedshiftPolicy
  - CommvaultTenantRole-S3Policy
  - CommvaultTenantRole-VPCPolicy
Note
CloudFormation templates may include policies for multiple workloads. You can remove unused policies if they are not required for your FSx for NetApp ONTAP environment.
Permissions required to discover Amazon FSx for NetApp ONTAP resources
- "fsx:DescribeFileSystems"
- "fsx:DescribeStorageVirtualMachines"
- "fsx:DescribeVolumes"
- "fsx:ListTagsForResource"
Permissions required to create and manage auto-scaled access nodes
- If auto-scale configurations are enabled, then the following additional permissions are required:
  - "ec2:AllocateAddress"
  - "ec2:AllocateIpamPoolCidr"
  - "ec2:AssociateAddress"
  - "ec2:DescribeAddresses"
  - "ec2:DescribeIpamPools"
  - "ec2:DisassociateAddress"
  - "ec2:ReleaseAddress"
  - "iam:ListInstanceProfilesForRole"
  - "s3:ListBucketMultipartUploads"
  - "ec2:DescribeIpams"
- After the stack is created, on the Outputs tab of the AWS console, copy the Role ARN key value.
- Return to the Commvault configuration wizard.
- From the Credential list, select existing credentials or create new credentials to discover the Amazon FSx for NetApp ONTAP cloud file share.
  Important
  - Credentials are required only for the AWS STS AssumeRole and Access keys for IAM users authentication methods.
  - The credentials must have an IAM role ARN - the values that you copied from the Outputs tab of the AWS console in the preceding step:
    - If you select existing credentials, verify that the IAM role ARN is correct.
    - If you create new credentials, make sure to enter the IAM role ARN.
- Click Next.
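The permission lists under Configure Permissions can be checked against the policy document attached to the role before unused policies are removed. The following Python sketch is an added example, not Commvault or AWS code: the function names and the sample policy are constructed for illustration, and it does not evaluate Resource, Condition or NotAction scoping.

```python
import json
import re

# Action lists copied from the permission lists on this page.
DISCOVERY_ACTIONS = [
    "fsx:DescribeFileSystems", "fsx:DescribeStorageVirtualMachines",
    "fsx:DescribeVolumes", "fsx:ListTagsForResource",
]
AUTOSCALE_ACTIONS = [
    "ec2:AllocateAddress", "ec2:AllocateIpamPoolCidr", "ec2:AssociateAddress",
    "ec2:DescribeAddresses", "ec2:DescribeIpamPools", "ec2:DisassociateAddress",
    "ec2:ReleaseAddress", "iam:ListInstanceProfilesForRole",
    "s3:ListBucketMultipartUploads", "ec2:DescribeIpams",
]

def _as_list(value):
    """IAM allows a single string or object where a list is expected."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(pattern, action):
    """IAM action matching: case-insensitive, '*' and '?' are wildcards."""
    regex = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action.lower()) is not None

def audit_policy(policy, required):
    """Return required actions the policy does not grant, and Allow patterns
    that are not exactly one of the required actions (candidates to trim)."""
    allowed, denied = [], []
    for stmt in _as_list(policy.get("Statement")):
        if "Action" not in stmt:  # NotAction statements are not evaluated here
            continue
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        bucket.extend(_as_list(stmt["Action"]))

    def hit(patterns, action):
        return any(_matches(p, action) for p in patterns)

    # An explicit Deny wins over any Allow (conservative: resources are ignored).
    missing = [a for a in required if not hit(allowed, a) or hit(denied, a)]
    wanted = {a.lower() for a in required}
    beyond = sorted({p for p in allowed if p.lower() not in wanted})
    return {"missing": missing, "beyond_required": beyond}

# Constructed sample policy (not taken from the Commvault CloudFormation template).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["fsx:Describe*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "rds:DescribeDBInstances", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:AllocateAddress", "ec2:ReleaseAddress"], "Resource": "*"}
  ]
}
""")

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, DISCOVERY_ACTIONS))
    print(audit_policy(SAMPLE_POLICY, DISCOVERY_ACTIONS + AUTOSCALE_ACTIONS))
```

Entries under beyond_required are wildcard or other-workload grants to review before trimming; entries under missing would cause discovery or auto-scale to fail with the role as written.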
Region
- Select the region where the SVM resides.
- Click Next.
Server Configuration
- From the Storage Virtual Machine list, select the name of the Amazon FSx for NetApp ONTAP cloud file share.
  Verify the ONTAP Management Interface, which is automatically populated based on the SVM that you selected.
  If you have not created a dedicated workload resource pool, then the Access node for discovering Storage Virtual Machines list is displayed. Select or add an EC2 instance that will be used as the access node to discover the Amazon FSx for NetApp ONTAP cloud file share.
- From the ONTAP Credential list, select existing credentials or create new credentials.
  Steps to add new credentials
  To add credentials to the Credential Manager, click the plus button (+), and then specify the following in the Add Credential dialog box.
  - In the Credential name box, enter the name of the credential.
  - In the User account box, enter the name of the user account.
  - In the Password box, enter the password.
  - In the Description box, you can enter a description of the credentials.
  - Click Save.
- Verify the Display name for the Amazon FSx for NetApp ONTAP cloud file share.
- Click Next.
- From the Access node for discovering Storage Virtual Machines list, select or add an EC2 instance that will be used as the access node to discover the Amazon FSx for NetApp ONTAP cloud file share.
  If you had selected the Access keys for IAM users authentication method, then all available access nodes with the VSA package installed are displayed.
  Note
  The IAM Role must already be created before you add an access node.
  Steps to create an access node
  - Click the add button.
  - The Storage region is automatically selected based on the region that was selected from the Region page. You cannot edit this box.
  - Click the Launch the CloudFormation Stack link to open the AWS account in the AWS console.
    Note: If you do not have permission to create a role in the AWS account, copy the Launch the CloudFormation Stack link and share it with your AWS IAM administrator.
  - Log on to the AWS console.
  - Under Network Configuration, from the Subnet ID list, select the subnet ID for the cloud file share.
  - Click Create stack.
    Wait for the CloudFormation Stack to finish creating the access node.
- From the Storage Virtual Machine list, select the name of the Amazon FSx for NetApp ONTAP cloud file share.
  Verify the ONTAP Management Interface, which is automatically populated based on the SVM that you selected.
- From the ONTAP Credential list, select existing credentials or create new credentials.
  Steps to add new credentials
  To add credentials to the Credential Manager, click the plus button (+), and then specify the following in the Add Credential dialog box.
  - In the Credential name box, enter the name of the credential.
  - In the User account box, enter the name of the user account.
  - In the Password box, enter the password.
  - In the Description box, you can enter a description of the credentials.
  - Click Save.
- Verify the Display name for the Amazon FSx for NetApp ONTAP cloud file share.
- Click Next.
Plan
- From the Plan list, select the backup plan to use for the cloud file share.
  Steps to create a new backup plan
  - Click the add button.
  - In the Plan name, enter a name for the backup plan.
  - If you have an active Files and Objects subscription, from the Storage list, select the storage to use for the backups.
  - If you have an active AGP bundle for File and Object subscription:
    - The Storage region is automatically selected based on the region that was selected from the Region page. You cannot edit this box.
  - If you have both the above subscriptions:
    - To use regular storage for backups, move the Bring your own storage toggle to the right, and then select the Storage to use for the backups.
    - To use AGP bundled storage, leave the Bring your own storage toggle disabled.
      - The Storage region is automatically selected based on the region that was selected from the Region page. You cannot edit this box.
  - For the backup plan settings, select pre-defined settings or create custom settings:
    - To select pre-defined settings, under Retention rules, select one of the following:
      - Select Standard retention to retain the incremental backups for 1 month.
    - To create custom settings, move the Custom plan toggle key to the right, and then specify the following:
      - For Retention, specify the amount of time to retain the backup jobs.
      - For Backups run every, specify how often to run backups.
  - Click Done.
- Click Next.
- From the Plan list, select the backup plan to use for the cloud file share.
  Steps to create a new backup plan
  - Click the add button.
    The Create backup plan dialog box appears.
  - In the Plan name, enter a name for the backup plan.
  - From the Storage list, select the storage to use for the backups.
  - For the backup plan settings, select pre-defined settings or create custom settings:
    - To select pre-defined settings, under Retention rules, select one of the following:
      - Select Standard retention to retain the incremental backups for 1 month.
    - To create custom settings, move the Custom plan toggle key to the right, and then specify the following:
      - For Retention, specify the amount of time to retain the backup jobs.
      - For Backups run every, specify how often to run backups.
  - Click Done.
- Click Next.
Backup Content
- To use dynamically provisioned access nodes, move the Auto scale toggle to the right.
  To use permanent access nodes, proceed to select the backup protocol, and then the access nodes.
- Move the CIFS toggle key to the right.
- If you have enabled Auto scale, proceed to modify the backup content.
  To use permanent access nodes to back up the Amazon FSx for NetApp ONTAP cloud file share, from the Access nodes list, select one or more access node groups or access nodes.
  An access node is a machine with Commvault software installed to manage communication to and from the protected system. To access your Amazon FSx for NetApp ONTAP cloud file share via CIFS, the access node requires the Windows File System software.
  If you do not already have a permanent access node, create a new one using the CloudFormation Stack or add an access node manually.
  Steps to create an access node using the CloudFormation Stack
  - Click the add button.
  - The Storage region is automatically selected based on the region that was selected from the Region page. You cannot edit this box.
  - Click the Launch the CloudFormation Stack link to open the AWS account in the AWS console.
    Note: If you do not have permission to create a role in the AWS account, copy the Launch the CloudFormation Stack link and share it with your AWS IAM administrator.
  - Log on to the AWS console.
  - Under Network Configuration, from the Subnet ID list, select the subnet ID for the cloud file share.
  - Click Create stack.
    Wait for the CloudFormation Stack to finish creating the access node.
  Note
  - Starting with Commvault Innovation Release 11.42.60, IntelliSnap backups of CIFS shares using Linux access nodes are supported for Amazon FSx for NetApp ONTAP.
  - The deferred cataloging and inline cataloging features are not supported while using Linux access nodes. To use these features, select a Windows access node for snapshot backups of CIFS shares.
- From the CIFS Credentials list, select existing credentials or create new credentials that will be used to access the CIFS shares.
  You must configure CIFS credentials to change the backup content.
  Steps to add new credentials
  To add credentials to the Credential Manager, click the plus button (+), and then specify the following in the Add Credential dialog box.
  - In the Credential name box, enter the name of the credential.
  - In the User account box, enter the name of the user account.
  - In the Password box, enter the password.
  - In the Description box, you can enter a description of the credentials.
  - Click Save.
- By default, all CIFS shares will be selected for backup. To modify the backup content, move the All CIFS shares toggle key to the left and follow these steps:
  - To add the content to back up, in the Content area, click Add > Browse or Custom path.
    - To enter paths to items you want to include in backups, in the Enter custom path field, enter a path, and then click the add button.
    - To select items from a file system view of the server, do the following:
      - Click Browse.
        The Browse Options dialog box appears.
      - In the Interface path box, provide the path details to browse the data.
      - From the Access nodes list, select the access node, and then click Browse.
        The Add content dialog box appears.
      - Select the check boxes for the items that you want to include in the backup, and then click Save.
  - To add filters to exclude items from backups, in the Exclusions area, click Add > Browse or Custom path.
    - To enter paths to items you want to exclude from backups, in the Enter custom path field, enter a filter pattern, and then click the add button.
    - To select items from a file system view of the server, do the following:
      - Click Browse.
        The Browse Options dialog box appears.
      - In the Interface path box, provide the path details to browse the data to exclude.
      - From the Access nodes list, select the access node, and then click Browse.
        The Add exclusions dialog box appears.
      - Select the check boxes for the items that you want to exclude from the backup, and then click Save.
  - You can add exceptions to the excluded data. To do so, move the Define exceptions toggle key to the right, and then click Add > Browse or Custom path.
    - To enter paths to items you want to exempt from the excluded data, in the Enter custom path field, enter a filter pattern, and then click the add button.
    - To select items from a file system view of the server, do the following:
      - Click Browse.
        The Browse Options dialog box appears.
      - In the Interface path box, provide the path details to browse the data to exempt.
      - From the Access nodes list, select the access node, and then click Browse.
        The Add exceptions dialog box appears.
      - Select the check boxes for the items that you want to exempt from the excluded data, and then click Save.
  - From the Include global exclusions list, select one of the following:
    - Off: To disable global filters for this subclient; only subclient exclusions are applied. This value overrides the Use Global Filters on All Subclients global filters setting.
    - On: To enable global filters for this subclient; both global and subclient exclusions are applied. This value overrides the Use Global Filters on All Subclients global filters setting.
    - Use cell level policy: To include global filters for this subclient only if the Use Global Filters on All Subclients option is selected in the Global Filters.
  Note
  If the Auto scale toggle is enabled, the first content browse operation might take longer to display results.
- To verify the connection between the array and access node, click Test connection.
  Note
  This option is not available when backups are configured using auto-scaled access nodes.
- Click Finish.