Veritas NetBackup™ Cloud Administrator's Guide

Amazon S3 advanced server configuration options

The following tables describe the SSL, HTTP header configuration, and proxy server options that apply to all Amazon S3-compatible cloud providers. These options appear on the Advanced Server Configuration dialog box.

Table: General Settings tab options

Option

Description

Use SSL

Select Use SSL if you want to use the SSL (Secure Sockets Layer) protocol for user authentication or data transfer between NetBackup and the cloud storage provider.

  • Authentication only. Select this option if you want to use SSL only when users are authenticated as they access the cloud storage.

  • Data Transfer. Select this option if you want to use SSL to authenticate users and transfer the data from NetBackup to the cloud storage.

Note:

NetBackup supports only Certificate Authority (CA) signed certificates when it communicates with cloud storage in the SSL mode. Ensure that the cloud server (public or private) has a CA-signed certificate. If it does not have a CA-signed certificate, data transfer between NetBackup and the cloud provider fails in the SSL mode.

Note:

The FIPS region of the Amazon GovCloud cloud provider (that is, s3-fips-us-gov-west-1.amazonaws.com) supports only the secure mode of communication. Therefore, if you disable the Use SSL option while you configure Amazon GovCloud cloud storage with the FIPS region, the configuration fails.

Note:

The Glacier service endpoint for the Amazon GovCloud cloud provider (that is, glacier.us-gov-west-1.amazonaws.com) supports only the secure mode of communication when the NetBackup GLACIER_VAULT storage class is used. Therefore, if you disable the Use SSL option while you configure Amazon GovCloud cloud storage with the GLACIER_VAULT storage class, the configuration fails.

HTTP Headers

Specify the appropriate value for the selected HTTP header. Click the Value column to see the drop-down list and select the value.

  • x-amz-server-side-encryption. Select AES256 from the Value drop-down list if you want to protect data in Amazon S3 cloud storage.

    AES256 stands for 256-bit Advanced Encryption Standard.

    When the header value is set to AES256, every object that Amazon S3 cloud storage receives is encrypted before it is stored in the cloud. Amazon S3 server-side encryption uses AES256, one of the strongest block ciphers available, to encrypt your data. Additionally, it encrypts the key itself with a master key that it regularly rotates.

    Note:

    If you have already enabled the encryption option while creating the Amazon S3 cloud storage server, you do not need to enable this option, because the data is already encrypted before NetBackup sends it over the network.

  • Storage class is configured at the time of creating the storage server. Once configured, storage class is non-editable.

Table: Proxy Settings tab options

Option

Description

Use Proxy Server

Select the Use Proxy Server option to use a proxy server and provide the proxy server settings. Once you select the Use Proxy Server option, you can specify the following details:

  • Proxy Host - Specify IP address or name of the proxy server.

  • Proxy Port - Specify port number of the proxy server.

  • Proxy Type - You can select one of the following proxy types:

    • HTTP

      Note:

      You need to provide the proxy credentials for HTTP proxy type.

    • SOCKS

    • SOCKS4

    • SOCKS5

    • SOCKS4A

Use Proxy Tunneling

You can enable proxy tunneling for HTTP proxy type.

After you enable Use Proxy Tunneling, HTTP CONNECT requests are sent from the cloud media server to the HTTP proxy server, and the TCP connection is forwarded directly to the cloud back-end storage.

The data passes through the proxy server, which does not read the headers or data from the connection.

Authentication Type

You can select one of the following authentication types if you are using HTTP proxy type.

  • None - Authentication is not enabled. Username and password are not required.

  • NTLM - Username and password needed.

  • Basic - Username and password needed.

Username is the username of the proxy server.

Password can be empty. You can use a maximum of 256 characters.
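The following pre-flight review applies the constraints from both tables above (General Settings and Proxy Settings) to a planned configuration before it is entered in the dialog box. It is an added example, not NetBackup code: the dictionary keys and the function name are hypothetical, and only the endpoints, option names and limits come from this page.

```python
FIPS_ENDPOINT = "s3-fips-us-gov-west-1.amazonaws.com"          # from this page
GLACIER_GOV_ENDPOINT = "glacier.us-gov-west-1.amazonaws.com"   # from this page

def review_s3_settings(cfg):
    """Return (errors, warnings) for a dict of planned dialog settings.

    Key names are hypothetical; NetBackup does not store its settings this way.
    errors   = combinations this page says fail or are not offered
    warnings = settings that leave backup data unprotected in transit or at rest
    """
    errors, warnings = [], []
    ssl_mode = cfg.get("use_ssl")   # None, "authentication_only" or "data_transfer"
    endpoint = cfg.get("endpoint", "")
    headers = cfg.get("http_headers", {})
    proxy = cfg.get("proxy")        # None or a dict of proxy settings

    if ssl_mode is None:
        if endpoint == FIPS_ENDPOINT:
            errors.append("FIPS region endpoint requires Use SSL")
        if endpoint == GLACIER_GOV_ENDPOINT and cfg.get("storage_class") == "GLACIER_VAULT":
            errors.append("GovCloud Glacier endpoint with GLACIER_VAULT requires Use SSL")
        warnings.append("Use SSL is off: authentication and data transfer are not protected")
    elif ssl_mode == "authentication_only":
        warnings.append("SSL covers authentication only: backup data is sent without SSL")

    # AES256 is the value Amazon S3 defines for this header.
    if headers.get("x-amz-server-side-encryption") != "AES256" and not cfg.get("netbackup_encryption"):
        warnings.append("neither NetBackup encryption nor server-side encryption is enabled")

    if proxy:
        ptype = proxy.get("type")
        if ptype not in ("HTTP", "SOCKS", "SOCKS4", "SOCKS5", "SOCKS4A"):
            errors.append(f"unknown proxy type: {ptype!r}")
        if ptype != "HTTP":
            if proxy.get("tunneling"):
                errors.append("proxy tunneling applies to the HTTP proxy type only")
            if proxy.get("auth_type", "None") != "None":
                errors.append("authentication types apply to the HTTP proxy type only")
        elif proxy.get("auth_type") in ("NTLM", "Basic"):
            if not proxy.get("username"):
                errors.append(f"{proxy['auth_type']} authentication needs a username")
            if len(proxy.get("password", "")) > 256:
                errors.append("password is longer than 256 characters")
    return errors, warnings

# Constructed sample: SSL disabled against the FIPS endpoint, tunneling on a SOCKS5 proxy.
SAMPLE = {"endpoint": FIPS_ENDPOINT, "use_ssl": None,
          "proxy": {"type": "SOCKS5", "tunneling": True}}

if __name__ == "__main__":
    print(review_s3_settings(SAMPLE))
```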
