Protecting buckets

R‑Cloud enables you to protect your data in Amazon S3, Azure, and Google Cloud buckets with fast and reliable backup and restore operations. After you optionally configure bucket backup options and back up a bucket, you can choose to restore one or more individual files or folders inside the bucket.

Note  Keep in mind that Azure storage accounts are referred to as Azure buckets in R‑Cloud.

Prerequisites

  • The data movers must have access to the buckets that you want to protect and to the targets that store the protected data. To ensure this, configure bucket backup options so that the data mover uses the appropriate network and subnet. For instructions, see Configuring bucket backup options.

    Tip  You can check under which subnet the bucket and the target are accessible in your cloud provider management console.

  • For Google Cloud:

    • The HYCU Managed Service Account (HMSA) must have the Compute Admin, Service Account User, and Storage Admin roles granted on the projects with the buckets that you plan to protect. For instructions on how to grant permissions to service accounts, see Google Cloud documentation.

    • Cloud Resource Manager API, Compute Engine API, Cloud Identity and Access Management API, Cloud Billing API, and Cloud Storage API must be enabled on the projects that contain the buckets that you want to protect. For instructions on how to enable APIs, see Google Cloud documentation.

Limitations

  • Bucket data (backup data, copies of backup data, and data archives) can be stored only to targets, and not as a snapshot. For instructions on how to set up targets, see Setting up targets.

  • Protecting data in S3 compatible buckets is not supported.

  • For Azure: You can protect data in StorageV2 (general-purpose v2) storage accounts.

Considerations

  • Keep in mind that the role you have assigned determines what kind of actions you can perform. For details on roles, see Managing roles.

  • For Google Cloud: R‑Cloud uses an external IP address to access Google Cloud APIs if Private Google Access is disabled on subnets. If your data protection environment requires the use of an internal IP address, make sure Private Google Access is enabled on subnets. For details, see Google Cloud documentation.

Recommendation

If you plan to use targets for storing the protected data, optimize the egress data costs by configuring bucket backup options so that the data mover uses the same or the nearest available region as the target. For instructions, see Configuring bucket backup options.

For details on how to protect bucket data efficiently, see the following topics: