Configuring Amazon S3 in China (Blog)
(This isn't a question, just documentation of how we fixed an issue I couldn't find an answer to online. I have no doubt all of this is in the Cloud Admin Guide, I just decided to take the long route and skip that part :manembarrassed: )
My company has a handful of remote offices around the world, with two of them in different sites in China. In each of those China offices we run a 7.7.3 NetBackup Master Server, (Windows 2008), to back up local data to disk, and use SLP to replicate those images across the WAN to the other office for offsite protection. This has been working successfully for 3 years, but we've slowly been adding more data to these offices and can no longer do local backups AND crosssite replication without filling up the disk targets. We're using "borrowed storage" from another server to protect our offsite copies at the moment while we decide where to go next.
One of our new initiative tests was to replicate to S3, but AmazonAWS has a separate China environment different from the amazonaws.com that the rest of the world can access, amazonaws.com.cn. Our Cloud Admin set up a new S3 instance in China without an issue, but the problem is the default Amazon cloud instance in NetBackup 7.7.3 is not customizable, and does not include the China Amazon region. The problem is the cloudprovider.xml file (C:\Program Files\Veritas\NetBackup\db\cloud) is locked and there are no commands available to add the China region to the Amazon plugin.
I was able to get a new cloudprovider.xml from NetBackup support, but that was only because the tech working my case had one on his desktop from helping another customer. The actual solution to this, and any other provider that isn't a default Cloud option, is to contact the vendor and request the plugin directly from them. (You may need help combining customized instances with the new .xml but I didn't experience that so I don't know the procedure).
Also, my device mappings were about a year old so I had to update that file as well. (https://sort.veritas.com/checklist/install/nbu_device_mapping)
After replacing the cloudprovider.xml and upgrading the device mappings I was able to see the amazonaws.com.cn instance and, (having already opened the firewall), connected the very first attempt.
Firewall: source to s3-cn-north-1.amazonaws.com.cn
- Bidirectional TCP: (5637, 80, 443)