Cohesity DataProtect With Wasabi

  • Published on Apr 9, 2026
  • 9 minute(s) read
Prev Next

Cohesity DataProtect is a high-performance, secure backup and recovery solution. Wasabi is validated to be used as an External Target for Cohesity DataProtect. The procedures in this article detail the steps to add a Wasabi bucket as an External Target. To learn more about the Cohesity + Wasabi solution, refer to our solution brief.

Requirements

  • Active Wasabi Cloud Storage account.

  • Wasabi Bucket (see Working With Buckets and Objects). This may be either a regular bucket or Object-Lock-enabled (immutable) one.  

  • Access & Secret Key Pair (see Creating a User Account and Access Key).

  • Cohesity DataProtect is installed and licensed. This solution was most recently tested with version 7.3.1.

  • A VMware vCenter or another hypervisor is added as a source. A source is an object in your organization that you want to protect, such as a VM, physical server, Pure Storage volume, MS SQL Server or NAS. Refer to Register or Edit a Hypervisor Source page on Cohesity documentation for details on how to add a source or an asset for data protection. This article provides an example to protect a virtual machine on VMware vCenter, which was added as a source.

The data restoration process is handled by your specific backup software application. As there are many potential variables that will affect your unique environment, it is strongly recommended that you seek the guidance of your backup software's technical support team in the event that you encounter difficulty, or have application-specific inquiries.

Reference Architecture Diagram

Screenshot 2023-09-14 at 1.20.36 PM.png

Creating a Wasabi Bucket and Keys

Follow the steps in this section to create a standard Wasabi bucket. We will later use this bucket to create an External Target on Cohesity to write backups to Wasabi. To enable immutability, follow the steps in the Configuring Immutability (Object Lock) section at the end of this article.

  1. Log in to the Wasabi Console.

  2. Click Buckets in the left-hand pane and then click Create Bucket.

  3. In the Create Bucket window, enter a unique bucket name.

  4. Select the appropriate region and click Create Bucket

  5. To create a sub-user with access keys, review Creating a User Account and Access Key to access the Wasabi bucket created above.

    The following user permissions are required to use the Cohesity cloud services as outlined in the Minimum Permissions for Registering External Targets.

    • AbortMultipartUpload

    • DeleteObject

    • DeleteObjectVersion

    • GetBucketLocation

    • GetBucketObjectLockConfiguration

    • GetBucketVersioning

    • GetLifecycleConfiguration

    • GetObject

    • GetObjectAttributes

    • GetObjectVersion

    • GetObjectVersionAttributes

    • ListBucket

    • ListBucketMultipartUploads

    • ListMultipartUploadParts

    • PutObject

    • PutObjectRetention

    • RestoreObject

    • ListBucketVersions

Adding Wasabi as an External Target

Wasabi can be added as an External Target to be used for Archival or Tiering.

  1. Log in to your Cohesity System.

  2. Select Infrastructure and then External Targets. Click Add External Target on the top right.

    Screenshot 2023-08-31 at 8.59.19 AM.png

  3. Click the checkbox to select Archival and select S3 Compatible from the drop-down.

  4. This example uses Archival type for External Target. Cohesity has two external Target types.

    • Cloud Archival—Archive's benefits include long-term data retention on low-cost storage to meet compliance and retention requirements. Cohesity archive automatically copies an existing Snapshot created by Protection Groups located in a Cohesity cluster and stores it on a registered External Target.

    • Cloud Tier—Cohesity Cloud Tier enables an additional storage tier where cold data can be stored. You can enable Cloud Tier to move rarely used and inactive data to the cloud when HDD used capacity exceeds a set threshold.

    Screenshot 2023-09-14 at 10.33.59 PM.png

Incremental Forever Archival Format

Per Cohesity, the Incremental Forever archival format is the only option available.  Incremental with Periodic Full archival format is no longer supported.

With incremental forever archival format, the Cohesity cluster will download a portion of the data from the S3-compatible Standard tier external target for the space reclamation process and re-upload it after compaction. This leads to increased network bandwidth usage. Before creating an Incremental Forever External Target with Wasabi, Cohesity recommends having sufficient network bandwidth between the cluster and the external target. If you need help in determining if your Network speed is sufficient please reach out to Cohesity Support to consult with them about your environment.

In addition to Supporting Daily Archivals, the network should be able to additionally support daily transfer of data that will get garbage collected. This is roughly equal to Daily Change Rate (DCR), e.g. for a 1 PB Archive with 2% DCR, up to 20 TBs will be downloaded from the archive to the cluster every day and then uploaded back.

Enable this option to perform a first full archival and then incremental forever archival of data from the Cohesity cluster to an external target. Incremental forever archival eliminates the need for periodic full archive and supports global deduplication, thereby improving the storage utilization of the target.

Enter the following details.

  • Bucket Name—Name of the Wasabi bucket created in section 3

  • Access Key ID—Access key for the Wasabi user

  • Secret Access Key—Secret key for the Wasabi user

  • Endpoint—This will vary depending on your bucket’s chosen region

  • Port—(optional) 443

  • Region—(optional)Region for your Wasabi bucket

  • External Target Name—Name for the external target that is being added

  • Archival Format—Use the default Incremental Forever

  1. Once the above details are added, click Register to add the External target.

    This example uses Wasabi's 'us-east-1' storage region. To use other Wasabi storage regions, use the appropriate Wasabi service URL as described in Service URLs for Wasabi's Storage Regions.

  2. The newly created External target can be viewed by clicking Infrastructure and then External Targets.

    Screenshot 2023-09-14 at 10.42.02 PM.png

Creating a Protection Policy

A protection policy is a collection of reusable settings that define how and when sources are protected and archived. Follow the steps below to create a protection policy to archive backups to Wasabi.

  • Cloud Archive—Cloud Archive sends a copy of the backup data (it contains the backup data, metadata, dedupe fingerprint, and index) stored on the Cohesity Cluster to any registered external target. To perform Cloud Archive, at least one full copy of the primary data needs to be stored on the cluster.

  • Cloud Archive Direct—If you are running 7.1.2_u2 LTS or above and you created an external target with Incremental Forever Archival Format you can now archive directly to your Wasabi bucket using a  Cloud Archive Direct (CAD) policy. CAD copies the data from any NAS or VMware directly to any registered external target such as Wasabi to reduce storage costs and eliminate the need to store a full backup copy on-premises.

Creating a Cloud Archive Policy

  1. Click Data Protection and Policies. Then click Create Policy.

    Screenshot 2023-09-14 at 11.58.58 PM.png

  2. Input the Policy Name and configure the number of days/weeks to run backups and the retention period as per requirements. Click More Options.

    Screenshot 2023-09-15 at 12.51.44 AM.png

  3. Click Add Archive to add the external target pointing to Wasabi as an archive. 

    Screenshot 2023-09-15 at 12.53.11 AM.png

  4. Select the Archive target that was created above from the pull-down list under Archive to. Configure the retention period. Remove DataLock for Archive by clicking beside the lock period. Then click Create to create the protection policy.

    Screenshot 2023-09-15 at 12.54.09 AM.png

Creating a Cloud Archive Direct Policy

  1. Click Data Protection and then Policies. Then click Create Policy.

    Screenshot 2023-09-14 at 11.58.58 PM.png

  2. Input the Policy Name and configure the number of days/weeks to run backups.

  3. Select your Incremental Forever Wasabi Target.

  4. Set your retention period as per requirements.

  5. Click Create.

Creating a Backup

  1. Click Protect and then Virtual Machines

    In this example, we are protecting Virtual Machines. Refer to the Cohesity documentation for protecting other sources.

    Screenshot 2023-09-15 at 1.08.55 AM.png

  2. Click Add Objects to add the Virtual Machines for protection.

    Screenshot 2023-09-15 at 1.18.56 AM.png

  3. Select the Registered Source from the drop-down list and add the VMs to be protected by selecting the checkbox next to them. 

    In this example, the source VMs are already discovered on Cohesity. Refer to Register or Edit a Hypervisor Source page on Cohesity documentation.

    Screenshot 2023-09-15 at 1.21.51 AM.png

  4. Input the name of the Protection Group if you want to create one. Then click Policy.

    Screenshot 2023-09-15 at 1.27.33 AM.png

  5. Select the protection policy created in Section 5 from the pulldown list. Then click Protect.

    Screenshot 2023-09-15 at 1.28.43 AM.png

  6. The Protection will now be added and can be viewed on the Protection page. You can run it manually by clicking on the three dots beside the protection name and clicking Run Now.

    Screenshot 2023-09-15 at 1.30.29 AM.png

Recovering a VM From a Backup

This example details steps to recover a VM from a backup.

  1. Click Data Protection and then Recoveries to open the Recoveries page. To start recovery of VMs, click Recover, then click Virtual Machines and VMs. To learn about other recovery types, refer to Cohesity documentation.

    Screenshot 2023-09-15 at 1.55.01 AM.png

  2. On the Virtual Machines window, search the virtual machine if you know the name or type "*" to list all VMs that are backed up. Then, select the VM you want to recover by checking the checkbox next to the VM.

  3. Click Next: Recover Options to go to the next window. 

    Screenshot 2023-09-15 at 1.56.50 AM.png

  4. Select the Recover to location, recovery method, and Existing VM Handling option based on your requirement. Click Recover to start the recovery. 

    • Recover to the Original Location—Recover the VM files (such as the VMDK files) to their original datastores and create new instances of the VMs in the original Resource Pool available in the original Source.

    • Recover to a New Location—Recover the VM files (such as the VMDK files) to an alternate datastore and create new instances of the VMs in an alternate Resource Pool of a registered Source.

    Screenshot 2023-09-15 at 2.11.43 AM.png

  5. Progress of the recovery can be monitored from the Recoveries page.

    Screenshot 2023-09-15 at 2.21.02 AM.png

Configuring Immutability (Object Lock)

You can now use Object Lock enabled buckets with Cohesity 7.2.1 and above.

By default when creating an Archive Object Lock enabled External Target the mode will be set to Governance that allows users with sufficient permissions to delete objects. If you want to use Compliance mode that does not allow object deletion, you will need to contact Cohesity Support and open a case. They will make Cluster Config modifications to enable Compliance mode on the External Target you create.

  1. Log into your Wasabi Console and create an Object Lock enabled bucket as specified in Object Lock: Enabling.

    In the bucket settings, be sure not to turn on Default Object Retention, as the Object Lock settings will be configured in Cohesity Protection Policy.

  2. On the Cohesity web portal, click Infrastructure and then click External Targets.

  3. Click Add External Target.

  4. Select Archival and then from the Storage Type drop-down select S3 Compatible.

  5. Choose Regular from the Storage Class drop-down.

  6. Enter the following information.

    • Bucket Name—Your Object-Lock-enabled Bucket

    • Access Key ID—Your Wasabi Access Key

    • Secret Key ID—Your Wasabi Secret Key

    • Endpoint—The Wasabi Service URL where you created your OL bucket

    • Port—(optional)Port 443

    • Region—(optional)The matching region with your endpoint

    • External Target Name—Unique name for the target

    • Archival Format—Incremental Forever

    This configuration example discusses the use of Wasabi's us-east-2 storage region. To use other Wasabi storage regions, use the appropriate Wasabi service URL as described in Service URLs for Wasabi's Storage Regions.

  7. Next you can now slide the selector on for Archive Object Lock.

  8. Click Register.

  9. Next, click Data Protection in the left-hand pane.

  10. Click Policies and then click Create Policy.

  11. Give the Policy a unique name.

  12. Turn off Data Lock as the Archive Target will automatically have OL settings applied.

  13. Specify how often you want the backup to run.

  14. Specify how long you want to keep the primary copy Locally.

  15. Click Add Archive.      

  16. Click the Archive To drop-down and select your Object-Lock-enabled Wasabi target.

    You will now see the prompt about the External Target being Archive Object Lock enabled. The data will be locked for as long as you specify the retention period to be and cannot be deleted until then.

  17. You may now assign this policy to a Protection/Protection Group as shown in the Creating a Backup section.

    Once the backup job has run and protected the entity, you can go into the protection job and view that details. You can now see the Object Lock expiry details on when the backups will be deleted.

  18. If you Log into your Wasabi Console, go the the data in the bucket, and enable Show Versions, you will see either Governance or Compliance mode now on the data versions.

Copyright © 2026 by Wasabi Technologies LLC
75 Arlington Street, Suite 810, Boston, MA 02116 USA
All Rights Reserved
Visit Wasabi (wwww.wasabi.com)

WASABI and the WASABI logo are trademarks of Wasabi Technologies LLC and may not be used without permission of Wasabi Technologies. All other names are used for identification purposes only and are trademarks or registered trademarks of their respective companies.

Information presented herein is subject to change without notice. Companies, names, and data used in examples are fictitious unless otherwise noted. No part of this information may be reproduced or transmitted in any form by means electronic or mechanical, for any purpose, without express written permission of Wasabi Technologies.