Home -> Thank you for assessing Bacula Trial Edition -> Step 3: Using Bacula Trial Edition -> Scenario 7: Backup using the Cloud plugin

Scenario 7: Backup using the Cloud plugin

In this scenario we will backup a Linux and/or Windows client from BWeb Management Suite using the Cloud plugin. We will use Amazon’s Simple Storage Service (Amazon S3) object storage architecture to store the cloud volumes. Alternatively, you can also see the video: How To: Add Cloud Storage in Bacula Enterprise

For a Windows client, it will be necessary to have a Windows system (on physical hardware or a virtual machine) with the Bacula Enterprise Edition File Daemon installed as described in scenario 5 above.

For a Linux client, the one previously installed for the Trial will be used. You must use the Trial to follow this scenario as some folders used by the Cloud plugin have already been created on it.

To follow the examples in this scenario, you will need an Amazon Web Services (AWS) account to store your backups in the cloud.

If you do not have, or do not want to use your current cloud provider, we recommend that you create an Amazon Web Services (AWS) account and follow the AWS Best Practices to have a restricted user with credentials to be used with the Kickstart only for the backup purposes.

Please go to https://aws.amazon.com/free/ to find more information and to create your AWS account.

Please find the AWS Best Practices guide here: http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html .

The Cloud plugin provides the AWS Command Line Interface (CLI) that will be used to perform the procedures explained below. The commands are available in a Linux shell. Please find more details about the AWS Command Line Interface (CLI) here: https://aws.amazon.com/documentation/cli/

The procedure below demonstrates how to have an IAM restricted user created with its own credentials with an attached policy to access a specific bucket for use with the Kickstart trial. Please note you will need to create the bucket prior to following this procedure by using the AWS root credentials or any other IAM user with the necessary permissions.


  1. Create IAM restricted user:
  1. # aws iam create-user --region=us-east-1 --endpoint-url https://iam.amazonaws.com --user-name backup_user
  2. {
  3. "User": {
  4. "UserName": "backup_user",
  5. "Path": "/",
  6. "CreateDate": "2017-04-02T14:22:46.017Z",
  7. "UserId": "user-id-value",
  8. "Arn": "arn:aws:iam::account-id:user/backup_user"
  9. }
  • }


  1. Create a new AWS secret access key and corresponding AWS access key ID for the specified user:
  • Note: The default status for a new key is “Active”.
  • # aws iam create-access-key --region=us-east-1 --endpoint-url https://iam.amazonaws.com --user-name backup_user
  • {
  1. "AccessKey": {
  2. "UserName": "backup_user",
  3. "Status": "Active",
  4. "CreateDate": "2017-04-02T14:28:06.436Z",
  5. "SecretAccessKey": "secret-access-key-value",
  6. "AccessKeyId": "access-key-id-value"
  7. }
  • }


  1. Create a policy using a json policy document:
  • # cat backup_user-policy
  • {
  1. "Version": "2012-10-17",
  2. "Statement": [{
  3. "Effect": "Allow",
  4. "Action": "s3:ListAllMyBuckets",
  5. "Resource": "arn:aws:s3:::*"
  6. },{
  7. "Effect": "Allow",
  8. "Action": [
  9. "s3:ListBucket",
  10. "s3:GetBucketLocation"
  11. ],
  12. "Resource": "arn:aws:s3:::baculavolumes-us"
  13. },{
  14. "Effect": "Allow",
  15. "Action": [
  16. "s3:PutObject",
  17. "s3:GetObject",
  18. "s3:DeleteObject"
  19. ],
  20. "Resource": "arn:aws:s3:::baculavolumes-us/*"
  21. }]
  22. }
  23. # aws iam create-policy --region=us-east-1 --endpoint-url https://iam.amazonaws.com –policy-name backup_user-policy --policy-document file://backup_user-policy
  24. {
  25. "Policy": {
  26. "PolicyName": "backup_user-policy",
  27. }
  28. }
  29. "CreateDate": "2017-04-02T22:24:10.423Z",
  30. "AttachmentCount": 0,
  31. "IsAttachable": true,
  32. "PolicyId": "policy-id-value",
  33. "DefaultVersionId": "v1",
  34. "Path": "/",
  35. "Arn": "arn:aws:iam::account-id:policy/backup_user-policy",
  36. "UpdateDate": "2017-04-02T22:24:10.423Z"
  1. Assign the policy to the IAM user:
  1. # aws iam attach-user-policy --region=us-east-1 --endpoint-url https://iam.amazonaws.com –user-name backup_user --policy-arn arn:aws:iam::account-id:policy/backup_user-policy
  1. Create a us-east-1 region (US Standard) bucket:
  1. # aws s3 mb --region=us-east-1 --endpoint-url https://iam.amazonaws.com s3://us-1-volumes
  1. Test listing bucket content using backup_user's credentials:
  1. # aws s3 ls --recursive --region us-east-1 --endpoint-url https://s3.amazonaws.com s3://us-1-volumes


Now we are ready to create the new Bacula resources needed for backups using a S3 compatible object storage solution.

To be able to use the Cloud plugin, we will create a new Cloud resource and a new Storage using BWeb Management Suite.

  1. In BWeb Management Suite, click Configuration --> Configure Bacula.


  1. Click on the Storage Daemons icon in the Bacula Enterprise Components box, then choose the Clouds tab in the top menu to create a Cloud resource.


  1. Click the green "plus sign" icon to add a new Cloud resource and fill in all the information as shown in the image below. Please note that the Region field at the bottom may also need to be modified to match your environment.


  1. Click on the Add button.


  1. Once the Cloud resource has been created, click the Devices menu item to create a new Device resource. Click the green "plus sign" to add a new Device resource and fill in all the information as shown in the image below.

Note: The Archive Device field is important in this page. The directory specified must exist, and there must be enough free space to store Cloud volumes in the "local cache". Depending on the choices made during the installation of the Kickstart Trial, there may be more free space in another directory. This default location is OK to run some small test backups.

  1. Click on the Add button.


  1. Next, we need to create a Storage resource in the Director that points to this new device called "Cloud-Drive-Bucket-us-1-volumes".


  1. Click on the Storages/Autochangers tab in the main menu.


  1. Select an already made Storage (for example DEFAULT), then copy it by clicking on the Copy button on the top right of the resource window. Rename it to "Cloud-Storage" then press OK. Fill in all the information as in the image below.

Note: The Address will most likely be different here, or it may even point to a FQDN depending on your network environment. Whatever is pre-filled in for the Address should be correct, and should be left as-is.

  1. Click on the Save button. Now all the changes we have made are in the Workset, but they have not been committed to the production configuration, as shown in the image below.


  1. Click "Workset" in the top menu to see the current uncommitted changes.
  1. Click "Commit" to commit the change to the production configuration.


  1. Once the Workset is committed, the Director must be reloaded, and the Storage daemon must be restarted in order to use this new Cloud configuration.
  1. You can check the status of the new Storage created. To do this, we first need to leave configuration mode by clicking on the Bacula Enterprise title on the top menu.


  1. Next, select Storages --> then Manage Device. A list of Storage devices appears. Select the new “Cloud-Storage” device from the list, then click on the Status button. You should have an output like:
  1. You can also check the connection status between the new Storage created and a Client previously created.
    To do this, select Storages from the main menu, then Storage Overview. Choose the new Cloud storage from the drop-down list. Click on the Network test button. A new window is displayed. Select one client in the Client list and the new “Cloud-Storage” device in the Storage list. Then click on the Run Test button.

    You should have an output like:

If both the Status and Network tests run as expected, the next step is to run a backup job to our new Cloud storage device.

You can use Scenario 1: “Backing up files from /usr folder via Bweb Management Suite” to run backup tests for a Linux host, and you can use Scenario 5: “Backup a Windows client with Bweb Management Suite” to run backup tests for a Windows host.

When testing restores, you can use Scenario 2: “Restoring files from your previous backup using BWeb Management Suite” to run restore tests for the Windows and Linux hosts.

In all cases, please note you will need to select the “Cloud-Storage” storage in order for your backup/restore job to use the Cloud device created in this scenario.


Congratulations! We hope that you enjoyed using Bacula Trial Edition. You still have the opportunity to further test some of your Bacula Trial  installations’ other features. Please refer to our main manual, in particular the chapters "A Brief Tutorial" and "Getting Started with Bacula".

Please select one of the following icons that best indicate your experience with the Bacula Trial version. [3-level smiley faces] If you have any comments or suggestions please fill out the feedback form and let us know. We'll get back to you in a timely fashion, and would like to thank you in advance.

For more information about plugins, support options, features, training and pricing, please contact the sales team via our contact form.

If you are not able to complete these scenarios, or have an issue regarding any products, please contact the sales team via our contact form.


Bacula Enterprise is used by a large number of high-profile customers. Each one exploits the special qualities of Bacula in a variety of different ways.

With our best regards,
The Bacula Systems Support Team

Additional notes: The Trial software is not usable one month after the first run job.

The appliance will stop working after 30 days. Please contact us if you need more time.