Manage backup vaults - Cloud Backup - Alibaba Cloud Documentation Center

This topic describes backup vaults and the operations that you can perform on backup vaults.

Background information

A backup vault is a cloud repository that is used by Cloud Backup to store backup data. On the Storage Vaults page of the Cloud Backup console, you can view the following information about each backup vault: the number of backup vaults, amount of backup data, status, and number of backup plans. You can also perform the following operations on a backup vault: view the backup content, configure a tag for a backup vault, back up data across multiple regions, configure backup parameters, specify an expiration date for a backup vault, and delete a backup vault.

Procedure

Log on to the Cloud Backup console.
In the top navigation bar, select a region.
In the left-side navigation pane, choose Backup Appliance > Storage Vaults.
On the Storage Vaults page of the Cloud Backup console, all backup vaults are displayed. You can view the type, backup plan quantity, data volume, creation time, and status of each backup vault. You can also perform the following operations:

Configure a tag for a backup vault

You can use tags to identify resources. You can also use tags to categorize Cloud Backup resources. This way, you can search for and aggregate resources in an efficient manner.

You can create different tags for different backup vaults. For example, if you manage teams or projects, you can create tags based on departments or projects, and then use these tags to group your resources. For example, you can create a tag named project:a for a project. This way, you can filter out a group of backup vaults based on the tag when you manage backup vaults.

Description
- Each tag consists of a key-value pair.
- A tag must be unique.
  For example, the company:a tag is added to a backup vault. If you add the company:b tag to the backup vault, the company:a tag is replaced by the company:b tag.
- Tags are not shared across regions. For example, tags that are created in the China (Hangzhou) region are invisible to the China (Shanghai) region.

Precautions

Item	Limit
The maximum length of a key	128 characters
The maximum length of a value	128 characters
The maximum number of custom tags that you can add to a resource	20
The key of a tag	The key cannot start with `aliyun` or `acs:`. The key cannot contain `http://` or `https://`. The key cannot be an empty string.
The value of a tag	A tag value cannot contain `http://` or `https://`.

In the Tags column next to the name or ID of the backup client, click the icon.
In the dialog box that appears, click Edit.
In the Key and Value fields, enter the key-value pair of a tag and click Save.
If you want to create more than one tags, click Add a row to specify the key-value pair of a new tag.

Create a mirror vault for a backup vault

To meet the requirements for disaster recovery, you can create a remote mirror vault for a backup vault. Data in the backup vault is automatically replicated to the mirror vault. This way, you can back up data across multiple regions. For more information, see Back up data across regions.

Important

A backup vault whose backup type is Archive does not support the remote backup feature.

Search backup vaults by tag

In the upper-right corner of the Backup Storage page, select Tags from the drop-down list and enter the tag information. Then, click the Search icon.

You can search for a resource by using a key, as shown in the following example:
```
aaa
```
You can search for a resource by using a key-value pair, as shown in the following example:
```
aaa:bbb
```
You can search for a resource by using multiple key-value pairs, as shown in the following example:
```
aaa:bbb,ccc:ddd
```

What to do next

Action	Description
Modify Backup Vault	In the Actions column of the backup vault that you want to manage, choose More > Modify Backup Vault. Then, configure the Vault Name, Backup Search, and Immutable Backup parameters. Important Only backup vaults whose backup type is General Backup support the backup search and immutable backup features. After the features are enabled, you cannot disable the features. After the immutable backup feature is enabled, you cannot modify or delete backup vaults or backup files in the backup vaults during the specified retention period. After the immutable backup feature is enabled, you can continue to run backup or restore jobs.
Alert Settings	In the Actions column of the backup vault that you want to manage, choose More > Alert Settings. Then, configure an alert for the backup vault. By default, if a backup attempt fails or a backup client is disconnected from Cloud Backup, alert notifications are sent to the owner of an Alibaba Cloud account. The following notification methods are supported: Disabled: Cloud Backup does not send alert notifications. To Parent Account: Cloud Backup sends email alert notifications to the owner of the Alibaba Cloud account to which the backup vault belongs. Custom: If you select this option, you must specify one or more alert contacts or alert groups. After you complete the configuration, Cloud Backup sends alert notifications to the contacts and contact groups that you select.
Set Retention Time	In the Actions column of the backup vault that you want to manage, choose More > Set Retention Time. You can retain a backup vault for a specified retention period or for persistent storage. Important Only backup vaults whose backup type is Database Backup or Archive support this operation. If you specify a retention period for a backup vault, the backup vault is deleted when the retention period expires.
Delete	In the Actions column of the backup vault that you want to delete, choose More > Delete. Warning If you delete a backup vault, all the backup data in the backup vault is deleted and the backup data cannot be restored. Proceed with caution.
RAM Permission Policy	In the Actions column of the backup vault that you want to delete, choose More > Modify Backup Vault. You can grant a RAM user the permissions on a backup vault. The permissions allow the RAM user only to back up or restore the backup vault. You can grant permissions by using the following sample policies. To create a custom policy, copy one of the scripts and paste the script in the RAM console. Then, attach the custom policy to the RAM user. For more information, see Create a custom policy. To disallow a RAM user to restore a backup vault, use the following sample policy: `{ "Version": "1", "Statement": [ { "Effect": "Deny", "Action": [ "hbr:CreateRestore", "hbr:CreateRestoreJob", "hbr:CreateHanaRestore", "hbr:CreateUniRestorePlan", "hbr:CreateSqlServerRestore" ], "Resource": [ "acs:hbr::1178***531:vault/v-000***blx06", "acs:hbr::1178****531:vault/v-000***blx06/client/" ] } ] }` To disallow a RAM user to back up a backup vault, use the following sample policy: { "Version": "1", "Statement": [ { "Effect": "Deny", "Action": [ "hbr:CreateUniBackupPlan", "hbr:UpdateUniBackupPlan", "hbr:DeleteUniBackupPlan", "hbr:CreateHanaInstance", "hbr:UpdateHanaInstance", "hbr:DeleteHanaInstance", "hbr:CreateHanaBackupPlan", "hbr:UpdateHanaBackupPlan", "hbr:DeleteHanaBackupPlan", "hbr:CreateClient", "hbr:CreateClients", "hbr:UpdateClient", "hbr:UpdateClientSettings", "hbr:UpdateClientAlertConfig", "hbr:DeleteClient", "hbr:DeleteClients", "hbr:CreateJob", "hbr:UpdateJob", "hbr:CreateBackupPlan", "hbr:UpdateBackupPlan", "hbr:ExecuteBackupPlan", "hbr:DeleteBackupPlan", "hbr:CreateBackupJob", "hbr:CreatePlan", "hbr:UpdatePlan", "hbr:CreateTrialBackupPlan", "hbr:ConvertToPostPaidInstance", "hbr:KeepAfterTrialExpiration" ], "Resource": [ "acs:hbr::1178***9531:vault/v-000***blx06", "acs:hbr::1178****9531:vault/v-000***blx06/client/" ] } ] }