Amazon Glacier

Name

The name of the Cloud library.

Device Name

A unique device name generated by the system when the library is added.

Type

The type of the cloud storage server. Select the server type from the list of supported cloud storage vendors.

MediaAgent

The name of the MediaAgent to which the device is attached. Select a MediaAgent from the list to add to the cloud storage device. The list contains the names of all the MediaAgents configured in the CommCell.

Access Information

Add the credentials and other details required to access the cloud storage space.

Authentication

Create the account using one of the following authentication and add the necessary details for the account:

Access & Secret Access Key

Service Host

A valid endpoint name for the Amazon Glacier region provided by the agency. (Commvault transfers data using HTTPS protocol to the service host.)

Default: glacier.[region].amazonaws.com. For example, glacier.us-west-1.amazonaws.com.

To find the region, see https://docs.aws.amazon.com/general/latest/gr/rande.html.

Multiple hosts can be added in the Service Host field using commas to separate them. For example servicehost1, servicehost2, servicehost3. (For local cloud servers with multiple IP addresses, the list of IP addresses can be added. For example, 192.xxx.0.100,192.xxx.0.101, 192.xxx.0.102. )

Credential

Select a pre-defined credential from the list.

To define a new credential, click the Add New button from the list. The following information is required.

• Credential Name: An user-defined name for the credential.

• User Name: User name for the account.

• Password: Password for the specified account.

Credentials must not contain blank spaces or other special characters. For instructions about creating a credential, see Adding a Credential to Credential Manager.

The following permissions are needed in Amazon Glacier (Direct) for the Access & Secret Access user:

Sample json file with these actions.

"glacier:ListJobs",
"glacier:ListMultipartUploads",
"glacier:ListParts",
"glacier:ListVaults",
"glacier:DescribeJob",
"glacier:DescribeVault",
"glacier:GetJobOutput",
"glacier:AbortMultipartUpload",
"glacier:CompleteMultipartUpload",
"glacier:CreateVault",
"glacier:DeleteArchive",
"glacier:DeleteVault",
"glacier:Initiatejob",
"glacier:InitiateMultipartUpload",
"glacier:UploadArchive",
"glacier:UploadMultiPartPart"

• For List operations ListJobs, ListMultipartUploads, ListParts, and ListVaults permissions are required.

• For Read operations DescribeJob, DescribeVault, and GetJobOutput permissions are required.

• For Write operations AbortMultipartUpload, CompleteMultipartUpload, CreateVault, DeleteArchive, DeleteVault, InitiateJob, InitiateMultipartUpload, UploadArchive, and UploadMultipartPart permissions are required.

Vault

Click the Detect button to detect an existing Vault.

AWS IAM Role Policy

Use this Authentication for an user with the IAM role, thereby allowing the specific user to provide the IAM roles assigned to the user. For more information on IAM Role Policies, refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html.

For AWS IAM Role Policy the selected MediaAgent must reside in the EC2 instance and an IAM Role must be associated with the EC2 instance. Make sure to select the specific MediaAgent from the drop-down list during library configuration. (For more information about installing the MediaAgent on the EC2 instance, see MediaAgent Installations.)

Service Host

A valid endpoint name for the Amazon Glacier region provided by the agency. (Commvault transfers data using HTTPS protocol to the service host.)

Default: glacier.[region].amazonaws.com. For example, glacier.us-west-1.amazonaws.com.

To find the region, see https://docs.aws.amazon.com/general/latest/gr/rande.html.

Multiple hosts can be added in the Service Host field using commas to separate them. For example servicehost1, servicehost2, servicehost3. (For local cloud servers with multiple IP addresses, the list of IP addresses can be added. For example, 192.xxx.0.100,192.xxx.0.101, 192.xxx.0.102. )

Vault

Click the Detect button to detect an existing Vault.

The following permissions are needed in Amazon Glacier (Direct) for IAM Role Policy user:

Sample json file with these actions.

"glacier:ListJobs",
"glacier:ListMultipartUploads",
"glacier:ListParts",
"glacier:ListVaults",
"glacier:DescribeJob",
"glacier:DescribeVault",
"glacier:GetJobOutput",
"glacier:AbortMultipartUpload",
"glacier:CompleteMultipartUpload",
"glacier:CreateVault",
"glacier:DeleteArchive",
"glacier:DeleteVault",
"glacier:Initiatejob",
"glacier:InitiateMultipartUpload",
"glacier:UploadArchive",
"glacier:UploadMultiPartPart"

• For List operations ListJobs, ListMultipartUploads, ListParts, and ListVaults permissions are required.

• For Read operations DescribeJob, DescribeVault, and GetJobOutput permissions are required.

• For Write operations AbortMultipartUpload, CompleteMultipartUpload, CreateVault, DeleteArchive, DeleteVault, InitiateJob, InitiateMultipartUpload, UploadArchive, and UploadMultipartPart permissions are required.

STS Assume Role

For more information on Amazon STS (Security Token Service), refer to http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html and http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html.

Service Host

A valid endpoint name for the Amazon Glacier region provided by the agency. (Commvault transfers data using HTTPS protocol to the service host.)

Default: glacier.[region].amazonaws.com. For example, glacier.us-west-1.amazonaws.com.

To find the region, see https://docs.aws.amazon.com/general/latest/gr/rande.html.

Multiple hosts can be added in the Service Host field using commas to separate them. For example servicehost1, servicehost2, servicehost3. (For local cloud servers with multiple IP addresses, the list of IP addresses can be added. For example, 192.xxx.0.100,192.xxx.0.101, 192.xxx.0.102. )

Credential

Select a pre-defined credential from the list.

To define a new credential, click the Add New button from the list. The following information is required.

• Credential Name: An user-defined name for the credential.

• User Name: User name for the account.

• Password: Password for the specified account.

Credentials must not contain blank spaces or other special characters. For instructions about creating a credential, see Adding a Credential to Credential Manager.

Role ARN

A valid Amazon Resource Name (ARN) of an IAM role that you want to use to perform operations requested using this profile.

Vault

Click the Detect button to detect an existing Vault.

AWS STS Assume Role and IAM Role Policy

Service Host

A valid endpoint name for the Amazon Glacier region provided by the agency. (Commvault transfers data using HTTPS protocol to the service host.)

Default: glacier.[region].amazonaws.com. For example, glacier.us-west-1.amazonaws.com.

To find the region, see https://docs.aws.amazon.com/general/latest/gr/rande.html.

Multiple hosts can be added in the Service Host field using commas to separate them. For example servicehost1, servicehost2, servicehost3. (For local cloud servers with multiple IP addresses, the list of IP addresses can be added. For example, 192.xxx.0.100,192.xxx.0.101, 192.xxx.0.102. )

Role ARN

A valid Amazon Resource Name (ARN) of an IAM role that you want to use to perform operations requested using this profile.

Vault

Click the Detect button to detect an existing Vault.

C2S Access Portal

Use this Authentication for a user with credentials to either the Amazon C2S (Amazon Commercial Cloud Services) or Amazon SC2S (Amazon Secure - Commercial Cloud Services).

Service Host

A valid endpoint name for the Amazon Glacier region provided by the agency. (Commvault transfers data using HTTPS protocol to the service host.)

Default: glacier.[region].amazonaws.com. For example, glacier.us-west-1.amazonaws.com.

To find the region, see https://docs.aws.amazon.com/general/latest/gr/rande.html.

Multiple hosts can be added in the Service Host field using commas to separate them. For example servicehost1, servicehost2, servicehost3. (For local cloud servers with multiple IP addresses, the list of IP addresses can be added. For example, 192.xxx.0.100,192.xxx.0.101, 192.xxx.0.102. )

CAP URL

The CAP URL.

For example:

https://<URL:Port_Name>/TAP/api/v1/credentials?agency=<agency>&mission=<mission>&role=<role>

Certificate Filename

File name provided by the agency.

For example: <file_name>.p12.

Make sure that the file is copied and available in all the MediaAgents using the library under the following folder:

<software install folder>/Base/Certificates

Passphrase

The password for the certificate file provided by the agency.

Vault

Click the Detect button to detect an existing Vault.