Storage Accelerator Implemented & Monitoring

  • 18 September 2023
  • 9 replies

Badge +8

Hi All,

I have deployed Storage Accelerator on a Linux host but it does not seem to be working as the cloud team states that data transfer is still occurring cross-account.

My setup is as follow:

Client - Account 1

S3 Bucket Account 1

Media Agent (DDB) - Account 2

The Storage Pool is created with DDB enabled on the Media Agent in Account 2. The idea is to have the client writing to the S3 bucket in the same account.

The Media Agent can access the bucket across the account as backups are completing. I tested uploading a file from the client to the S3 bucket by using "aws cli s3 upload" command which completed successfully.

I also added the ARN credential on the cloud library for Storage Accelerator.


Is the format of this correct?



In what log can I see the success or failure of Storage Accelerator usage?

I have reviewed the below posts but did not really find anything specific.



Best answer by Iggy 25 October 2023, 13:04

View original

9 replies

Badge +3

Hi Ignes, 

The SW checks the cloud connectivity and auto disables SA for a day if the connectivity check failed. If connectivity fails for 7 consecutive days then the feature is disabled permanently. I think that is what happened here. Can you check connectivity with the Storage Accelerator Credentials provided in the MP properties?


Other way to confirm this is to disable Storage Accelerator Credential and run a backup job and see if cross-account data transfer is still happening.


Before, you run the test, you need to remove this registry keys from the client machine. These registry keys disables the SA until a future time based on connectivity failures.





Also, make sure this additional setting is not set on the client. This is set on 7 consecutive failures. If this is set, you can remove this additional setting.


Also, Make sure all the pre-requisites and steps are followed -


Once a new job is run, check CVD.log on client machine for any of connectivity failures.





Badge +8


Thanks for the feedback.

I have checked the steps but it still doesn’t seem to be working.

Should the Media Agent be installed on the client server?





Badge +3

MA installation is not required in client server.

Did any connectivity issue was observed in logs mentioned in my earlier reply?

Please escalate this issue to Commvault support if its still not working after following the above steps.

Userlevel 7
Badge +19

@Satya Narayan Mohanty any changes if the current implementation that will try it for only 7 consecutive days is being altered. as there is no visual representation whatsoever in regards to the disabling of SA it is very user unfriendly to troubleshoot. in addition the need to manual remove these blocking settings is also not really friendly. I would expect a reset switch in Command Center. 

Badge +3

We never need to manually remove the settings, its only used during troubleshooting. SA automatically gets enabled after 24 hours with this period of 7 days. After 7 days it gets permanently disabled. There is no visual representation today. Maybe this is something can be mentioned as a customer feedback in the support ticket & support can raise a customer modification request.

Userlevel 7
Badge +19

Well I assume you have to delete the keys to remove the permanent block that is enabled after 7 days.

Userlevel 7
Badge +19

Do bare with me it is a great differentiating feature but it was not very wel thought off when being used in larger and more complex environment like MSPs etc.  

Badge +8


The proposed solution was to make use of an Access/Secret combination for the Storage Accelerator credential on Mount Path rather than IAM role. I could not test this as the customer did not approve of it.

I ended up creating a Media Agent in the same account as the client servers.

I do however agree that there should be visibility in the Job Details if Storage Accelerator is being used.


I will be closing this topic.

Thanks all.


Userlevel 7
Badge +19

For SA you do not need to configure the credentials. This is just an option that acts as an additional security capability allowing you to specify an account without delete permissions. I'm not sure why it was added and what risk it actually mitigates, because it requires Commvault software to be cracked open.