IBM Cloud Pre-Work

This will guide you through what needs to be done on the IBM Cloud side to allow Veeam to offload backups in to our Object Storage Bucket.

Launch IBM Cloud Shell

Launch Cloud Shell to run through the following steps. The icon can be found in the upper right navigation bar in the cloud portal.

Launch Cloud Shell

Finding Your Cloud Object Storage Instance ID:

We will use the resource service-instance operator to get our Cloud Object Storage instance id (GUID). Use the handy jq utility to only return the GUID.

$ ibmcloud resource service-instance <name-of-icos-instance> --output json | jq -r '.[].guid'

You will use the value returned by the above command in another command. Please note it.

Create a Service ID

We will create a service ID to interact with our ICOS bucket. A service ID identifies a service or application similar to how a user ID identifies a user. We can assign specific access policies to the service ID that restrict permissions for using specific services.

ibmcloud iam service-id-create <name-of-your-service-id> --description "Service ID for Veeam Scale out repository" --output json

This command simply returns the ID of the service-id that was created. This will be used in place of in the next command.

ibmcloud iam service-id <name-of-your-service-id> --output json | jq -r '.[].id'

You will use the value returned by the above command in another command. Please note it.

Assign Service ID an access policy

We will now create an access policy that gives the Service ID write access to a single IBM Cloud Object Storage bucket.

ibmcloud iam service-policy-create <Service ID> --roles Writer --service-name cloud-object-storage --service-instance <Service Instance GUID> --resource-type bucket --resource <bucket-name>

Create Service Credentials for the Service ID

Veeam uses HMAC credentials (Secret Key/Access Key) so we will need to generate some from cloud shell. We will be binding these new credentials to our Service ID

$ ibmcloud resource service-key-create <name of service key> Writer --instance-id <Service Instance GUID> --service-id <Service ID> --parameters '{"HMAC":true}'

Save the access_key_id and secret_access_key as we will need these when we configure the scale out repository in Veeam.