Configuring backups to and from cloud storage

Backing up an Enterprise Mode or Eon Mode database to a supported cloud storage location requires that you add parameters to the backup configuration file.

Backing up an Enterprise Mode or Eon Mode database to a supported cloud storage location requires that you add parameters to the backup configuration file. You can create these backups from the local cluster or from your cloud provider's virtual servers. Some additional configuration is required.

See Additional considerations for cloud storage for information about configuring authentication and encryption.

Configuration file requirements

To back up any Eon Mode or Enterprise Mode cluster to a cloud storage destination, the backup configuration file must include a [CloudStorage] section. Vertica provides a sample cloud storage configuration file that you can copy and edit.

Environment variable requirements

Environment variables securely pass credentials for backup locations. Eon and Enterprise Mode databases require environment variables in the following backup scenarios:

  • Vertica on Google Cloud Platform (GCP) to Google Cloud Storage (GCS).

    For backups to GCS, you must have a hash-based message authentication code (HMAC) key that contains an access ID and a secret. See Eon Mode on GCP prerequisites for instructions on how to create your HMAC key.

  • On-premises databases to any of the following storage locations:

    • Amazon Web Services (AWS)

    • Any S3-compatible storage

    • Azure Blob Storage (Enterprise Mode only)

    On-premises database backups require you to pass your credentials with environment variables. You cannot use other methods of credentialing with cross-endpoint backups.

  • Any Azure user environment that does not manage resources with Azure managed identities.

The vbr log captures when you sent an environment variable. For security purposes, the value that the environment variable represents is not logged. For details about checking vbr logs, see Troubleshooting backup and restore.

Enterprise Mode and Eon Mode

All Enterprise Mode and Eon Mode databases require the environment variables described in the following table:

Environment Variable Description
VBR_BACKUP_STORAGE_ACCESS_KEY_ID Credentials for the backup location.
VBR_BACKUP_STORAGE_SECRET_ACCESS_KEY Credentials for the backup location.
VBR_BACKUP_STORAGE_ENDPOINT_URL

The endpoint for the on-premises S3 backup location, includes the scheme HTTP or HTTPS.

Eon Mode only

Eon Mode databases require the environment variables described in the following table:

Environment Variable Description
VBR_COMMUNAL_STORAGE_ACCESS_KEY_ID Credentials for the communal storage location.
VBR_COMMUNAL_STORAGE_SECRET_ACCESS_KEY Credentials for the communal storage location.
VBR_COMMUNAL_STORAGE_ENDPOINT_URL

The endpoint for the communal storage, includes the scheme HTTP or HTTPS.

Azure Blob Storage only

If the user environment does not manage resources with Azure-managed identities, you must provide credentials with environment variables. If you set environment variables in an environment that uses Azure-managed identities, credentials set with environment variables take precedence over Azure-managed identity credentials.

You can back up and restore between two separate Azure accounts. Cross-account operations require a credential configuration JSON object and an endpoint configuration JSON object for each account. Each environment variable accepts a collection of one or more comma-separated JSON objects.

Cross-account and cross-region backup and restore operations might result in decreased performance. For details about performance and cost, see the Azure documentation.

The Azure Blob Storage environment variables are described in the following table:

Environment Variable Description
VbrCredentialConfig

Credentials for the backup location. Each JSON object requires values for the following keys:

  • accountName: Name of the storage account.

  • blobEndpoint: Host address and optional port for the endpoint to use as the backup location.

  • accountKey: Access key for the account.

  • sharedAccessSignature: A token that provides access to the backup endpoint.

VbrEndpointConfig

The endpoint for the backup location. To backup and restore between two separate Azure accounts, provide each set of endpoint information as a JSON object.

Each JSON object requires values for the following keys:

  • accountName: Name of the storage account.

  • blobEndpoint: Host address and optional port for the endpoint to use as the backup location.

  • protocol: HTTPS (default) or HTTP.

  • isMultiAccountEndpoint: Boolean (by default false), indicates whether blobEndpoint supports multiple accounts

The following commands export the Azure Blob Storage environment variables to the current shell session:

$ export VbrCredentialConfig=[{"accountName": "account1","blobEndpoint": "host[:port]","accountKey": "account-key1","sharedAccessSignature": "sas-token1"}]
$ export VbrEndpointConfig=[{"accountName": "account1", "blobEndpoint": "host[:port]", "protocol": "http"}]