AvePoint Learn
Request article
Contact support
Request article
Contact support
English

Home > Get Started > Configure Your Storage Policies

Export to PDF

Configure Your Storage Policies

Before you begin using Granular Backup and Restore/Exchange Online Backup and Restore, you must configure storage policies to define where backup data is stored.

The default storage policy stores data in an Azure BLOB storage location. If corporate policies and compliance requirements necessitate that you store your data in more than one location, Granular Backup and Restore/Exchange Online Backup and Restore can write, using storage policies, to FTP, SFTP, Microsoft Azure Blob Storage, Amazon S3, Amazon S3-Compatible Storage, Rackspace Cloud File, Dropbox, and Box devices.

Follow the steps below to configure your storage policies:

  1. To configure your own storage location as physical devices in storage policies, refer to Manage Physical Devices.

  2. After you configure physical devices, refer to Manage Logical Devices to configure logical devices which represent groups of related physical devices.

  3. In Control Panel > Storage Configuration > Storage Policy, follow the instructions below to manage your storage policies:

    • To create a storage policy, click Create. In the Create a New Storage Policy window, configure the following settings:

      1. Storage Policy Name – Enter a name for this storage policy. Then, enter an optional Description for future references.

      2. Primary Storage – Select the desired logical device from the Logical device drop-down list. The backup data will be saved in the logical device selected here. You can also click New Logical Device to create a new one. For more information, refer to Manage Logical Devices.

      3. Enable Retention Rule – To configure a retention rule for this storage policy, select the Enable retention rule checkbox. In the Storage Policy Type section, select Backup type. In the Notification section, select an email notification profile from the drop-down list, or you can click New Notification Profile to set up a new email notification profile.

      If no retention rule is needed, click OK to save the configurations and return to the Storage Configuration interface. After the storage policy is saved, it will be listed in the Storage Policy tab.

    • To edit a storage policy, select the storage policy and click Edit on the ribbon.

    • To view a storage policy, select the storage policy and click View Details on the ribbon.

    • To delete one or multiple storage policies, select the storage policies and click Delete on the ribbon.

Manage Physical Devices

In Control Panel > Storage Configuration > Physical Devices, follow the instructions below to manage your physical devices:

NOTE

If you are using or plan to use your own storage device, read the instructions in Allow AvePoint Agent Servers to Access Your Storage Account carefully and complete the settings upon your need.

  • To create a physical device, click Create. In the Create Physical Device window, enter a device name and select a storage type. For details of the configurations for different storage types, refer to instructions in the following sections: FTP, SFTP, Microsoft Azure BLOB Storage, Amazon S3, Amazon S3-Compatible Storage, Rackspace Cloud File, Dropbox, and Box.

  • To edit a physical device, select the physical device and click Edit on the ribbon.

  • To view a physical device, select the physical device and click View Details on the ribbon.

  • To delete one or multiple physical devices, select the physical devices and click Delete on the ribbon.

FTP

Configure the following settings:

  • Host – Enter the IP address of the FTP server.

  • Port – Enter the port to use to connect to this FTP server.

  • Folder – Enter the folder where exported data will be stored on the FTP server.

  • Username – Enter the username to use to connect to this FTP server.

  • Password – Enter the password of the specified username.

  • Advanced – Enter the following extended parameters in the text box if necessary. If you have multiple parameters to enter, press Enter on the keyboard to separate the parameters. Click Validation Test to verify that the information you entered is correct.

    Refer to the instructions below to add parameters:

    • RetryInterval – Customize the retry interval when the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646 (the unit is second). For example, RetryInterval=30 means that it will attempt to reconnect every 30 seconds.

      If you do not configure this parameter, the value is 30 seconds by default.

    • RetryCount – Customize the reconnection times after the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646. For example, RetryCount=60 represents when the network connection is interrupted, it can reconnect at most 60 times.

      If you do not configure this parameter, the value is 6 by default.

    • IsRetry – Whether or not to try again when Classic DocAve Backup failed to write the data in the physical device.

      • If you enter IsRetry=true, it will try again when Classic DocAve Backup failed to write the data in the physical device.

      • If you enter IsRetry=false, it will not try again when Classic DocAve Backup failed to write the data in the physical device.

SFTP

Configure the following settings:

  • Host – Enter the IP address of the SFTP server.

  • Port – Enter the port of the SFTP server.

  • Root folder – Enter the root folder that you wish to access.

  • Username – Enter the username used to access the root folder.

  • Password – Enter the corresponding password of the user used to access the root folder.

  • Private key file – If the SFTP server supports the private key file, click Browse to upload a private key file.

  • Private key password – Enter the corresponding password of the uploaded private key file.

  • Advanced – Enter the following extended parameters in the text box if necessary. If you have multiple parameters to enter, press Enter on the keyboard to separate the parameters. Click Validation Test to verify that the information you entered is correct.

    Refer to the instructions below to add parameters:

    • RetryInterval – Customize the retry interval when the network connection is interrupted. Enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will attempt to reconnect every 30000 milliseconds.

      If you do not configure this parameter, the value is 30000 milliseconds by default.

    • RetryCount – Customize the reconnection times after the network connection is interrupted. Enter any positive integer between 0 and 2147483646. For example, RetryCount=6 represents when the network connection is interrupted, it can reconnect at most 6 times.

      If you do not configure this parameter, the value is 6 by default.

Microsoft Azure BLOB Storage

Configure the following settings:

  • Access point – Enter the URL for the Blob Storage Service. The default URL is http://blob.core.windows.net.

  • Container name – Enter the container name you wish to access.

  • Account name – Enter the corresponding account name to access the specified container.

  • Account key – Enter the corresponding account key to access the specified container.

  • Advanced – Enter the following extended parameters in the text box if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Click Validation Test to verify that the information you entered is correct.

    Refer to the instructions below to add parameters:

    • RetryInterval – Customize the retry interval when the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will attempt to reconnect every 30000 milliseconds.

      If you do not configure this parameter, the value is 30000 milliseconds by default.

    • RetryCount – Customize the reconnection times after the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646. For example, RetryCount=10 represents when the network connection is interrupted, it can reconnect at most 10 times.

      If you do not configure this parameter, the value is 6 by default.

Amazon S3

Configure the following settings:

  • Bucket name – Enter the bucket name you wish to access.

  • Access key ID – Enter the corresponding access key ID to access the specified bucket. You can view the Access key ID from your AWS account.

  • Secret access key – Enter the corresponding secret key ID to access the specified bucket. You can view the Secret access key from your AWS account.

  • Storage region – Select the storage region of this bucket from the drop-down list.

  • Advanced – Enter the following extended parameters in the text box if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Click Validation Test to verify that the information you entered is correct.

    Refer to the instructions below to add parameters:

    • RetryInterval – Customize the retry interval when the network connection is interrupted. Enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will attempt to reconnect every 30000 milliseconds.

      If you do not configure this parameter, the value is 30000 milliseconds by default.

    • RetryCount – Customize the reconnection times after the network connection is interrupted. Enter any positive integer between 0 and 2147483646. For example, RetryCount=6 represents when the network connection is interrupted, it can reconnect at most 6 times.

      If you do not configure this parameter, the value is 6 by default.

    • enablessl=true – Configure to enable SSL for the backups stored on this physical device.

    • CustomizedRegion – Configure the customized region of the physical device. For example, enter CustomizedRegion=s3.us-gov-west-1.amazonaws.com to configure the GovCloud account.

Amazon S3-Compatible Storage

Configure the following settings:

  • Bucket name – Enter the bucket name you wish to access.

  • Access key ID – Enter the corresponding access key ID to access the specified bucket.

  • Secret access key – Enter the corresponding secret key ID to access the specified bucket.

  • Endpoint – Enter the URL used to connect to the place where you want to store the data.

    NOTE

    The URL must begin with “http://” or “https://”.

  • Advanced – Enter the following extended parameters in the text box if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Click Validation Test to verify that the information you entered is correct.

    Refer to the instructions below to add parameters:

    • RetryInterval – Customize the retry interval when the network connection is interrupted. Enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will attempt to reconnect every 30000 milliseconds.

      If you do not configure this parameter, the value is 30000 milliseconds by default.

    • RetryCount – Customize the reconnection times after the network connection is interrupted. Enter any positive integer between 0 and 2147483646. For example, RetryCount=6 represents when the network connection is interrupted, it can reconnect at most 6 times.

      If you do not configure this parameter, the value is 6 by default.

Rackspace Cloud File

Configure the following settings:

  • Container name – Enter the container name you wish to access.

  • Username – Enter the corresponding username to access the specified container.

  • API key – Enter the corresponding API key to access the specified container.

  • CDN enabled – Select this checkbox if the content delivery network (CDN) is enabled.

  • Advanced – Enter the following extended parameters in the text box if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Click Validation Test to verify that the information you entered is correct.

    Refer to the instructions below to add parameters:

    • RetryInterval – Customize the retry interval when the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646 (the unit is millisecond). For example, RetryInterval=30000 means that it will attempt to reconnect every 30000 milliseconds.

      If you do not configure this parameter, the value is 30000 milliseconds by default.

    • RetryCount – Customize the reconnection times after the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646. For example, RetryCount=10 represents when the network connection is interrupted, it can reconnect at most 10 times.

      If you do not configure this parameter, the value is 6 by default.

Dropbox

Configure the following settings:

  • Root Folder Name – Enter a name for the root folder, which will be created in Dropbox and used to store the data.

  • Token secret – Click Retrieve Token. Enter the email address and the password of the Dropbox account in the pop-up window to log into Dropbox, and then the token will appear in this pop-up window. Enter the token that appeared in the Token secret text box.

  • Advanced – Enter the following extended parameters in the text box if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Click Validation Test to verify that the information you entered is correct.

    Refer to the instructions below to add parameters:

    • RetryInterval – Customize the retry interval when the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646 (the unit is in milliseconds). For example, RetryInterval=30000 means that it will attempt to reconnect every 30000 milliseconds.

      If you do not configure this parameter, the value is 30000 milliseconds by default.

    • RetryCount – Customize the reconnection times after the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646. For example, RetryCount=10 represents when the network connection is interrupted, it can reconnect at most 10 times.

      If you do not configure this parameter, the value is 6 by default.

Box

Configure the following settings:

  • Root Folder Name – Enter the name of the root folder, which will be used to store data.

  • Email Address – Enter the email address to access Box.

  • Refresh token – Click Retrieve token. Enter the email address and the password of the Box account in the pop-up window to log in to Box, and then the token will appear in this pop-up window. Enter the appeared token in the Refresh token text box.

  • Advanced – Enter the following extended parameters in the text box if necessary. If you have multiple parameters to enter, press Enter on your keyboard to separate the parameters. Click Validation Test to verify that the information you entered is correct.

    Refer to the instructions below to add parameters:

    • RetryInterval – Customize the retry interval when the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646 (the unit is in milliseconds). For example, RetryInterval=30000 means that it will attempt to reconnect every 30000 milliseconds.

      If you do not configure this parameter, the value is 30000 milliseconds by default.

    • RetryCount – Customize the reconnection times after the network connection is interrupted. You are allowed to enter any positive integer between 0 and 2147483646. For example, RetryCount=10 represents when the network connection is interrupted, it can reconnect up to 10 times.

      If you do not configure this parameter, the value is 6 by default.

Manage Logical Devices

In Control Panel > Storage Configuration > Logical Devices, follow the instructions below to manage your logical devices:

  • To create a logical device, click Create. In the Create Logical Device window, configure the following settings:

    1. Logical Device Name – Enter a Logical device name for this logical device. Then enter an optional Description for future reference.

    2. Storage Type – From the Storage type drop-down list, select the storage type for this logical device. This will determine the physical devices available to be added to this logical device.

    3. Add Physical Device – Select the physical device you wish to add from the Physical device drop-down list. You can also choose New Physical Device to create a new one. Click Add to add the physical device to this logical device.

    4. Click OK to save the configurations and return to the Storage Configuration interface. After the logical device is saved, it will be listed in the Logical Device tab.

  • To edit a logical device, select the logical device and click Edit on the ribbon.

  • To view a logical device, select the logical device and click View Details on the ribbon.

  • To delete one or multiple logical devices, select the logical devices and click Delete on the ribbon.

Allow AvePoint Agent Servers to Access Your Storage Account

If you are using or plan to use your own storage device, read the instructions in this section carefully and complete the settings upon your need. Otherwise, you can skip this topic.

When you are using your own storage device, you may have set up the storage firewall to only allow the trusted clients for security concerns. To ensure that AvePoint cloud products can access your storage, complete the settings as required in the following conditions:

NOTE

If you are using a trial subscription and the storage account you want to use in the trial has a firewall enabled, read the conditions below and contact AvePoint Support for the corresponding reserved IP addresses or ARM VNet IDs.

  • If you are using a storage type other than Microsoft Azure storage, you must add reserved IP addresses to your storage firewall. To get the list of the reserved IP addresses, refer to Download a List of Reserved IP Addresses.

  • If you are using Microsoft Azure storage, refer to the following:

    • If your storage account is in the same data center as the one you use to sign up for AvePoint Online Services or your storage account is in its paired region, you must add the Azure Resource Manager (ARM) VNet subnets where the AvePoint agents are running on to your storage networking. You can find additional details in this Microsoft article: Grant access from a virtual network. To get the ARM VNet subnet IDs for your data center, go to AvePoint Online Services > Advanced Settings > Firewalls and Virtual Networks. For detailed instructions, refer to the Add ARM Virtual Networks section below.

    • Other than the condition above, you need to add all the reserved IP addresses to the Azure storage firewall. For details, refer to the Add Reserved IP Addresses section below.

Add Reserved IP Addresses

Follow the steps below:

  1. Navigate to AvePoint Online Services interface > Administration > Security > Reserved IP addresses to download the list of reserved IP addresses of AvePoint Online Services. For details, refer to Download a List of Reserved IP Addresses.

  2. Go to the storage account that you want to secure.

  3. Select Networking on the menu.

  4. Check that you’ve selected to allow access from Selected networks.

  5. Enter the IP address or address range under Firewall > Address Range.

  6. Select Save to apply your changes.

Add ARM Virtual Networks

There are two ways to add ARM Virtual Networks:

  • Use the Azure CLI tool (https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)

    ## Use the Azure CLI tool

# Step 1 (Optional): If you have multiple Azure subscriptions, please switch to the correct subscription
# This command sets the active subscription to the specified subscription ID.
az account set --subscription xxxxxxxx-xxxx-xxxx-xxxx-yyyyyyyyyyyy

# Step 2 (Optional): Confirm whether the subscription switch is correct
# This command displays the current subscription information in a table format.
az account show --output table

# Step 3: Get the AvePoint Online Services network subnet resource ID
# This variable stores the resource ID of the subnet in the virtual network.
# Replace with the Azure Resource Manager (ARM) VNet ID downloaded from your AvePoint Online Services tenant.
$SUBNETID="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-yyyyyyyyyyyy/resourceGroups/ResourceGroupName/providers/Microsoft.Network/virtualNetworks/VirtualNetworkName/subnets/SubnetName"

# Step 4: Set your resource group name
# This variable stores the name of the resource group where your storage account is located.
$DESTRG="customer_resource_group_name"

# Step 5: Set your storage account name
# This variable stores the name of the storage account to which you want to add the network rule.
$DESTSTA="customer_storage_account_name"

# Step 6: Add the firewall virtual network rule to grant access to AvePoint Online Services
# This command adds a network rule to the specified storage account, allowing access from the specified subnet.
az storage account network-rule add --resource-group $DESTRG --account-name $DESTSTA --subnet $SUBNETID

# Step 7: List the current network rules for the storage account to verify the addition
# This command lists the virtual network rules for the specified storage account.
az storage account network-rule list --resource-group $DESTRG --account-name $DESTSTA --query virtualNetworkRules

# Step 8 (Optional): Disable the public access to storage account
# This command updates the storage account to deny public network access.
az storage account update --resource-group $DESTRG --name $DESTSTA --default-action Deny

# Step 9 (Optional): Verify that the default action for network rules is set to Deny
# This command shows the network rule set for the specified storage account, including the default action.
az storage account show --resource-group $DESTRG --name $DESTSTA --query networkRuleSet.defaultAction

  • Use the Azure Az PowerShell (https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-5.1.0)

    ## Use Azure PowerShell (Az Module)

# Step 1: Sign in to Azure with your Azure Admin account
Connect-AzAccount

# Step 2 (Optional): If you have multiple Azure subscriptions, please switch to the correct subscription
# This command sets the active subscription to the specified subscription ID.
Set-AzContext -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-yyyyyyyyyyyy"

# Step 3: Get the AvePoint Online Services network subnet resource ID
# This variable stores the resource ID of the subnet in the virtual network.
# Replace with the Azure Resource Manager (ARM) VNet ID downloaded from your AvePoint Online Services tenant.
$SUBNETID="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-yyyyyyyyyyyy/resourceGroups/ResourceGroupName/providers/Microsoft.Network/virtualNetworks/VirtualNetworkName/subnets/SubnetName"

# Step 4: Set resource group name
# This variable stores the name of the resource group where your storage account is located.
$DESTRG="customer_resource_group_name"

# Step 5: Set storage account name
# This variable stores the name of the storage account to which you want to add the network rule.
$DESTSTA="customer_storage_account_name"

# Step 6: Add the firewall virtual network rule to grant access to AvePoint Online Services
This cmdlet adds a network rule to the specified storage account, allowing access from the specified subnet.
Add-AzStorageAccountNetworkRule -ResourceGroupName $DESTRG -Name $DESTSTA -VirtualNetworkResourceId $SUBNETID

# Step 7: Verify the newly added network rule
# This cmdlet retrieves the network rule set for the specified storage account.
Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $DESTRG -AccountName $DESTSTA

You will see the virtual network rules in Azure Portal, as the screenshot below shows. You may also notice that a warning message “Insufficient Permission…” is displayed. It is because the subnet is not in your subscription. You can ignore it.

The vNet rules.