Xen Orchestra has been validated for use with Wasabi. Xen Orchestra is a management tool dashboard for the XCP-ng hypervisor which allows you to manage your virtual machine deployments, lifecycle, and backups. For more information, refer to Xen Orchestra in a nutshell.
This article describes the procedure to use Wasabi Covert Copy to protect a “Golden Copy” of Xen Orchestra backups for use in case of a disaster that affects other copies of backups. Wasabi Covert Copy is an effortless way to safeguard your data by creating a locked copy of your S3 bucket. Covert Copy is easy to implement without configuration requirements or technical knowledge.
Covert Copy is a static, one-time copy and not an ongoing replication.
The data restoration process is handled by your specific backup software application. As there are many potential variables that will affect your unique environment, Wasabi strongly recommends that you seek the guidance of your backup software's technical support team in the event that you encounter difficulty or have application-specific inquiries.
Requirements
Wasabi Hot Cloud Storage Account
Wasabi Multi-User Authorization enabled—See MUA (Multi-User Authorization).
Wasabi Bucket—See Creating a Bucket.
Be sure to note your bucket name, storage region URL, and Access & Secret Key, as you will need these for later steps.
XCP-ng & Xen Orchestra Environment
XCP-ng Installed (8.3 LTS as of this documentation)—See Installing XCP-ng.
Xen Orchestra Installed (Version 6.0.3 as of this documentation)—See Installing Xen Orchestra.
Xen Orchestra Essential Edition License or better—See Vates Pricing Page.
Existing Backup of a Xen Orchestra VM—See our Xen Orchestra With Wasabi for setting up your initial backups before proceeding.
High Level Steps
Follow the high-level steps below to implement Covert Copy: Setting Up and Creating a Covert Copy for your Xen Orchestra backups.
The following steps are described in more detail in the sections below.
Enable Multi-User Authorization (MUA) on your account and configure Covert Copy activities that your security contacts approve. For more detail, review MUA (Multi-User Authorization)
Pause Xen Orchestra backup activities by temporarily disabling backup jobs.
Enable Covert Copy on your bucket containing Xen Orchestra backups.
Wait for your Xen Orchestra backups to be copied to the Covert Copy bucket.
Resume Xen Orchestra backup activities by re-enabling backup jobs.
Pausing Xen Orchestra Backups
Visit your Xen Orchestra Dashboard, and select the Backups tab on the left-hand pane.
Click Enabled next to the relevant backup job.
Now your Backup Job is disabled.
Enabling Covert Copy
Log in to your Wasabi Storage Console.
Select the Buckets tab and search for your Xen Orchestra Backup bucket.
Click the three dots icon under Actions. Click Covert Copy.
Verify settings on the next screen, and click Next.
This configuration example discusses the use of Wasabi's us-east-1 storage region for the Covert Copy bucket. For a list of regions, see Available Storage Regions. The region must be in the same continent as the primary bucket.
Enter your MFA code, then click Create Bucket.
Click the toggle to Show Covert Copy Buckets. Your Covert Copy will show as in progress until the data is copied to the Covert Copy bucket. This process will take a variable amount of time depending on how much data is in the source bucket.
Once the Covert Copy operation has completed, the status will show as Covert Copy Completed.
Optionally, to see the contents of the Covert Copy bucket, click the three dots icon under Actions, and then click Request Access.
On the pop-up, click Send Request. Your MUA security contact will need to approve this request.
After your MUA security contact has approved the request, you will be able to browse the contents of the Covert Copy bucket.
Resuming Xen Orchestra Backups
Visit your Xen Orchestra Dashboard, and select the Backups tab on the left-hand pane.
Click Disabled next to the relevant backup job.
Now your backup job is Enabled.
In Case of Disaster - Adding Your Covert Copy Bucket as a Xen Orchestra Remote
In the case of a disaster, the root user use this email address to submit a ticket to Wasabi Support: support@wasabi.com. In the email, request Restore Mode and include the name of your Covert Copy bucket. After Support enables Restore Mode, the Covert Copy bucket will be visible to Xen Orchestra and will allow a restore to be performed from backups in the bucket.
Once your restore has completed, use this email address to contact Wasabi Support (support@wasabi.com) to disable Restore Mode on your Covert Copy bucket.
Add your Covert Copy bucket as another Remote in the Xen Orchestra dashboard (Log in to your Xen Orchestra dashboard and navigate to Settings > Remotes)
For Type, choose Amazon Web Services S3 from the drop-down.
Enter a friendly name for your Remote (In this case “Wasabi Covert Copy”).
Ensure Use HTTPS is toggled on (default).
Enter the Service URL for the bucket (in this example, “s3.us-east-1.wasabisys.com”).
Enter the region (in this example, “us-east-1”).
Enter the name of your Covert Copy bucket.
Enter a “/” or your custom directory for the backups.
Enter your Access Key.
Enter your Secret Key.
Click Save Configuration.
Your Covert Copy bucket will now show up as a new Remote.
Restoring From Your Covert Copy Remote
Visit the Restore page of your Xen Orchestra dashboard (Navigate to Backups > Restore). Then click Restore next to the relevant VM.
Xen Orchestra will automatically index the backups in your Covert Copy bucket, and you will be able to choose the replicated Remote in the Restore options.
Once you have selected your Covert Copy backup from the drop-down, verify optional settings and click OK.
Your Restore progress will then be shown on the Tasks tab of your Xen Orchestra Dashboard.
Once the restore completes. You will see the newly restored VM on the “Home” Tab of your Xen Orchestra dashboard.
After a successful restore, email Wasabi Support (support@wasabi.com) to request that Restore Mode is disabled for your Covert Copy bucket.