As platform operator, you can create a data protection target location that you can use for storage of backups that you generate using VMware Tanzu Mission Control.

When you run a backup using Tanzu Mission Control, the resources that you specify to be backed up are written to a storage location that you identify. This location can be a storage location that you create and maintain in your cloud provider account (AWS S3 or S3-compatible storage or Azure Blob storage). This procedure shows how to create a target location that you can use for backups.

Prerequisites

Log in to the Tanzu Mission Control console.

Make sure that you have already created a data protection credential that provides the connection to your cloud provider account.
Make sure that you have the appropriate permissions in your Tanzu Mission Control organization.
  • To create a target location, you must be associated with the organization.admin role.

Procedure

  1. In the Tanzu Mission Control console, click Administration in the left navigation pane.
  2. On the Administration a page, click the Target Locations tab.
  3. Click Create Target Location, and then choose the type of storage for the new target location.
    • Self provisioned storage: AWS S3 or S3-compatible
    • Self provisioned storage: Azure Blob
  4. Select an account credential, and then click Next.
  5. If you choose self-provisioned storage, specify the configuration of the storage.
    For AWS S3 or S3-compatible:
    1. Enter the URL that identifies the AWS S3 or S3-compatible storage location.
      Note: Since Tanzu Mission Control supports actual S3 as well as any custom backend that is S3-compatible, the URLs can be in one of the following formats:
    2. Enter a name for the bucket in which to store backups.
    3. Specify the region in which to store backups.
    4. If your storage location uses a custom root certificate or CA certificate, then enter the certificate in the text box.
    For Azure Blob:
    1. Enter the account ID for the account where the Azure Blob resides.
    2. Enter the container name for the Azure Blob.
    For more information about setting up your Azure account for use with Tanzu Mission Control data protection, see Account Setup for Azure Blob Target Location.
    After you have specified the configuration for the storage provider, click Next.
  6. Specify the clusters that can use this target location for backup.
    You can specify cluster groups as well as individual clusters for the target location.
    • To specify cluster groups, click Select Cluster Groups.
    • To specify individual clusters, click Select Clusters.
  7. Click Next.
  8. Provide a name for the target location.
  9. Click Create.

Results

When you click Create, Tanzu Mission Control generates a backup location that can be used by the specified clusters.

Note: The flags that you use when creating a target location for data protection using the command line in Tanzu Mission Control Self-Managed differ from those you use for SaaS. Use the a command like the following to create a target location for data protection:
tmc dataprotection provider backuplocation create --name my-location-name --credential-name my-credential-name --region minio --assigned-cluster-groups default --bucket my-test-bucket --s-3-url http://some-prefix.us-west-2.elb.amazonaws.com:9000 --enable-s-3-force-path-style --public-url http://some-prefix.us-west-2.elb.amazonaws.com:9000 --ca-cert "-----BEGIN CERTIFICATE-----\nlong-credential-string-here\n-----END CERTIFICATE-----" 
Make sure you replace the values in this example with the appropriate strings for your situation, including all URLs. The --ca-cert flag requires a string where the newlines are replaced with \n.
You can alternatively store your certificate in a text file, and use the following for the --ca-cert flag:
--ca-cert "$(awk 1 ORS='\\n' cert.txt)"