Skip to main content
Solved

Storage Accelerator Implemented & Monitoring

  • 18 September 2023
  • 9 replies
  • 862 views

Forum|alt.badge.img+9

Hi All,

I have deployed Storage Accelerator on a Linux host but it does not seem to be working as the cloud team states that data transfer is still occurring cross-account.

My setup is as follow:

Client - Account 1

S3 Bucket Account 1

Media Agent (DDB) - Account 2


The Storage Pool is created with DDB enabled on the Media Agent in Account 2. The idea is to have the client writing to the S3 bucket in the same account.

The Media Agent can access the bucket across the account as backups are completing. I tested uploading a file from the client to the S3 bucket by using "aws cli s3 upload" command which completed successfully.

I also added the ARN credential on the cloud library for Storage Accelerator.

 


Is the format of this correct?

arn:aws:iam::123456789012:role/customer-mc-ec2-instance-profile-s3

 

In what log can I see the success or failure of Storage Accelerator usage?

I have reviewed the below posts but did not really find anything specific.
https://community.commvault.com/storage-and-deduplication-49/storage-accelerator-not-working-912
https://community.commvault.com/commvault-q-a-2/storage-accelerator-who-is-using-it-and-what-are-you-experiences-5395

Thanks.
Ignes

Best answer by Iggy

Hello.

The proposed solution was to make use of an Access/Secret combination for the Storage Accelerator credential on Mount Path rather than IAM role. I could not test this as the customer did not approve of it.

I ended up creating a Media Agent in the same account as the client servers.

I do however agree that there should be visibility in the Job Details if Storage Accelerator is being used.

 

I will be closing this topic.

Thanks all.

 

View original
Did this answer your question?

9 replies

Satya Narayan Mohanty
Vaulter
Forum|alt.badge.img+3

Hi Ignes, 

The SW checks the cloud connectivity and auto disables SA for a day if the connectivity check failed. If connectivity fails for 7 consecutive days then the feature is disabled permanently. I think that is what happened here. Can you check connectivity with the Storage Accelerator Credentials provided in the MP properties?

 

Other way to confirm this is to disable Storage Accelerator Credential and run a backup job and see if cross-account data transfer is still happening.

 

Before, you run the test, you need to remove this registry keys from the client machine. These registry keys disables the SA until a future time based on connectivity failures.

 

MediaAgent/StorageAcceleratorAutoDisabledUntil

MediaAgent/StorageAcceleratorConsecutiveFailureCount

 

Also, make sure this additional setting is not set on the client. This is set on 7 consecutive failures. If this is set, you can remove this additional setting.

https://documentation.commvault.com/2022e/expert/124967_enabling_or_disabling_storage_accelerator_01.html

 

Also, Make sure all the pre-requisites and steps are followed -

https://documentation.commvault.com/2022e/expert/96835_accelerating_backups_to_cloud_storage_libraries.html

 

Once a new job is run, check CVD.log on client machine for any of connectivity failures.

 

Thanks

Satya

 


Forum|alt.badge.img+9
  • Author
  • Byte
  • 51 replies
  • September 20, 2023

Hi,

Thanks for the feedback.

I have checked the steps but it still doesn’t seem to be working.

Should the Media Agent be installed on the client server?

 

Regards,

Ignes

 


Satya Narayan Mohanty
Vaulter
Forum|alt.badge.img+3

MA installation is not required in client server.

Did any connectivity issue was observed in logs mentioned in my earlier reply?

Please escalate this issue to Commvault support if its still not working after following the above steps.


Onno van den Berg
Commvault Certified Expert
Forum|alt.badge.img+19
  • Commvault Certified Expert
  • 1200 replies
  • September 20, 2023

@Satya Narayan Mohanty any changes if the current implementation that will try it for only 7 consecutive days is being altered. as there is no visual representation whatsoever in regards to the disabling of SA it is very user unfriendly to troubleshoot. in addition the need to manual remove these blocking settings is also not really friendly. I would expect a reset switch in Command Center. 


Satya Narayan Mohanty
Vaulter
Forum|alt.badge.img+3

We never need to manually remove the settings, its only used during troubleshooting. SA automatically gets enabled after 24 hours with this period of 7 days. After 7 days it gets permanently disabled. There is no visual representation today. Maybe this is something can be mentioned as a customer feedback in the support ticket & support can raise a customer modification request.


Onno van den Berg
Commvault Certified Expert
Forum|alt.badge.img+19
  • Commvault Certified Expert
  • 1200 replies
  • September 21, 2023

Well I assume you have to delete the keys to remove the permanent block that is enabled after 7 days.


Onno van den Berg
Commvault Certified Expert
Forum|alt.badge.img+19
  • Commvault Certified Expert
  • 1200 replies
  • September 21, 2023

Do bare with me it is a great differentiating feature but it was not very wel thought off when being used in larger and more complex environment like MSPs etc.  


Forum|alt.badge.img+9
  • Author
  • Byte
  • 51 replies
  • Answer
  • October 25, 2023

Hello.

The proposed solution was to make use of an Access/Secret combination for the Storage Accelerator credential on Mount Path rather than IAM role. I could not test this as the customer did not approve of it.

I ended up creating a Media Agent in the same account as the client servers.

I do however agree that there should be visibility in the Job Details if Storage Accelerator is being used.

 

I will be closing this topic.

Thanks all.

 


Onno van den Berg
Commvault Certified Expert
Forum|alt.badge.img+19

For SA you do not need to configure the credentials. This is just an option that acts as an additional security capability allowing you to specify an account without delete permissions. I'm not sure why it was added and what risk it actually mitigates, because it requires Commvault software to be cracked open. 


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings