Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for Cloud Object Store Administrator's Guide
  3. Managing Cloud object store assets
  4. Prerequisites for adding Cloud object store accounts
NetBackup™ for Cloud Object Store Administrator's Guide

Prerequisites for adding Cloud object store accounts

Gather the following before you start adding a Cloud object store account.

  • Gather information about the cloud provider, service host, and region.

    Here, the service host is the host name of the Cloud object storage API endpoint that is provided by the cloud provider. For example, in the AWS public S3 endpoint URL: https://s3.us-east-1.amazonaws.com, the part:  s3.us-east-1.amazonaws.com is the service host.

    For a private cloud setup, the URL may be like: https://s3.us-east-1.amazomaws.com/tenent123/. Here the service host is: s3.us-east-1.amazomaws.com/tenent123/.

  • Note the supported authentication types by the cloud service provider and decide on the authentication type to use. All cloud providers support the Access credentials authentication type. Other supported Authentication types are:

    • IAM Role (EC2): For Amazon and Amazon Gov

    • Assume Role: For Amazon and Amazon Gov

    • Assume role EC2: For Amazon and Amazon Gov

    • Credential Broker: For Amazon Gov

    • Service Principal: For Azure

    • Managed Identity: For Azure

  • If you plan to use a proxy for communication with cloud endpoints, gather the required details of the proxy server.

  • Get the Cloud account credentials, and any additional required parameters, as per the authentication type. These credential details should have the required permissions recommended in NetBackup documentation.

    See Permissions required for Amazon S3 cloud provider user.

    See Permissions required for Azure blob storage.

    See Permissions required for GCP.

  • Make sure that the required outbound ports are open, and configurations are done for communication from the backup host or scale-out server to the cloud provider endpoint using REST API calls.

    • On the backup host, S3 or Azure storage URL endpoints use the HTTPS default port 443. For a private cloud provider, this port can be any custom port that is configured in the private cloud storage.

    • If you use a proxy server to connect to the cloud storage, you need to allow that port. You can provide the proxy server-related details in NetBackup, while creating a Cloud object store account.

    • The certificate revocation status check option uses the OCSP protocol, which typically uses HTTP port 80. Ensure that the OCSP URL is reachable from the backup host.

Feedback

Was this page helpful?
Previous

Enhanced backup performance in 11.0 or later

Next

Configuring buffer size for backups

Feedback

Was this page helpful?