I was trying to test Veritas Backup Exec 15 to connect to  Amazon S3 for Cloud backups.  I wanted to test this out before getting into the online backup world. One thing after calling Backup Exec support is that they fixed some connectivity problems in Feature Pack 4.  So download and install that first.

Now I followed the instructions in article

https://www.veritas.com/support/en_US/article.000081253

  1. First you create your free Amazon Account. Sorry I don’t have screenshots for this, but this should be pretty self-explanatory.

http://docs.aws.amazon.com/AmazonS3/latest/gsg/SigningUpforS3.html

  1. Then you create a Bucket

http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html

  1. Then you Create Your Access Key which in turn creates a secret access Key. Follow these instructions. Download these and keep them in a safe place.

http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html

If you follow the rest of the instructions in the Veritas support article you will not be able to connect. Here is the part missing from the instructions. If this your first time using Amazon S3 like myself, you may have missed.

You will get an error in backup exec when trying to connect if you didn’t set any permissions on the bucket.  The error that I received was in Backup exec.

Unable to configure Amazon S3 on BE 15, Error: BEMSDK Failure Code: A0009B23

You must now grant access to the bucket to the account

  1. To Grant Permissions to the Bucket
    1. In the AWS Console Go to the IAM Management Console by clicking on Services and IAM.   Go to Policies Menu.
    2. I think at first it says “get started” click that, then click the “Create Policy” button, then click “Create Your Own Policy”
    3. Fill in your name for the policy and the description.
    4. Then modify the example from AWS and modify the permissions to your needs.

Here’s an example from AWS to allow access to a bucket

http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html

Here is what mine looked like. I have named my bucket “backupexec” below. (Sorry I use the free version of WordPress so i don’t have the Code plugin – copy it from the link above)

"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3::: backupexec"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3::: backupexec/*"
}
]
}

Now you would think that you could change the version number at the top to any date.  Well in my testing you are wrong.  Keep the date the same.  I don’t know why from my research I got mixed answers and since I am testing this I don’t have the time or energy to figure out why.

You would get this error when clicking the Validate the Policy button on the bottom.

This policy contains the following error: The policy must contain a valid version string For more information about the IAM policy grammar, see AWS IAM Policies.

 

  1. Now go to “Users” select your user, Go to Permissions, and Attach the policy that you created and named above.

Thanks to the following article for this blog for help on this creating and understanding the permissions to the bucket:

http://mikeferrier.com/2011/10/27/granting-access-to-a-single-s3-bucket-using-amazon-iam/

 

Hope this saves someone time trying to go through Veritas support.  After I set the permissions it worked perfectly.  I was able to save and restore with no problems.

Here’s some information on Amazon S3 Storage Classes

https://aws.amazon.com/s3/storage-classes/

Here’s a calculator on pricing for these storage classes

http://calculator.s3.amazonaws.com/index.html

 

 

 

 

Advertisements