Acronis Cyber Protect

Acronis Cyber Protect backs up to S3-compatible object storage. Because Exaba presents a standard S3 API, Acronis can use an Exaba cluster as a backup storage location, including for immutable backups via S3 Object Lock.

Compatibility note. Acronis Cyber Protect targets Exaba through the standard S3-compatible API. Acronis publishes an official Exaba S3 storage integration, and backups and restores have been tested by Exaba.

Prerequisites

  • Acronis Cyber Protect Cloud (or Acronis Cyber Protect), with a backup or management agent installed.
  • Cyber Administrator or Company Administrator access in Acronis.
  • Network reach to the Exaba S3 endpoint over HTTPS (port 443), with a TLS certificate the Acronis agent trusts.
  • A dedicated Exaba IAM user. Acronis does not accept root or admin access keys for a backup location.

Step 1: Create the bucket

  1. Create a bucket dedicated to Acronis. For immutable backups, enable Object Lock at creation time (it cannot be enabled on an existing bucket) and ensure versioning is enabled.
  2. Do not set a bucket-level default retention. Acronis applies immutability per object based on its own retention setting (Step 4); a bucket default can conflict and cause unpredictable behaviour.

Step 2: Create an IAM user for Acronis

  1. Create an Exaba IAM user for Acronis, then issue an access key and secret. Do not use root or admin keys.
  2. Scope a role to the Acronis bucket only. The policy below covers the S3 and Object Lock operations Acronis uses for immutable backups, scoped to a single bucket for least privilege. Replace acronis-backups with your bucket name:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AcronisBucket",
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetBucketVersioning",
        "s3:GetBucketObjectLockConfiguration",
        "s3:ListBucket",
        "s3:ListBucketVersions"
      ],
      "Resource": "arn:aws:s3:::acronis-backups"
    },
    {
      "Sid": "AcronisObjects",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:GetObjectRetention",
        "s3:PutObjectRetention"
      ],
      "Resource": "arn:aws:s3:::acronis-backups/*"
    },
    {
      "Sid": "AcronisListBuckets",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}

These are the S3 and Object Lock operations Acronis uses for immutable backups. See the IAM Walkthrough for creating users, roles, and bucket policies on Exaba.

Step 3: Add the storage location in Acronis

In Acronis Cyber Protect Cloud, go to Backup Storage → + Add Location → Public cloud → S3 compatible → Connect, then provide:

  • Management agent: the agent that will manage this location.
  • Endpoint URL: the Exaba S3 endpoint as an HTTPS URL, for example https://s3.example.com.
  • Access key ID / Access key secret: the credentials from Step 2.
  • Location name: a name for the location.
  • Bucket: select the Acronis bucket.

Step 4: Enable immutability

Acronis immutable storage uses S3 Object Lock. When adding the location, enable Backup immutability period (Days) and set the number of days. The bucket must have Object Lock enabled (Step 1).

Limitation on Exaba today. Acronis’s immutability guidance relies on an S3 lifecycle rule to delete noncurrent object versions and keep storage from growing. Exaba’s lifecycle policies are on the roadmap and not shipping yet, so that automatic cleanup is not available; plan capacity for retained noncurrent versions until lifecycle support ships.

Step 5: Run and verify

  1. Apply a protection plan that targets the Exaba location and run a backup.
  2. For immutable backups, confirm the resulting objects carry an Object Lock retention attribute, and that an attempt to delete a locked object before retention expiry is rejected with 403.
  3. Run a restore to confirm recovery works end to end.

Exaba is one layer in your data-protection strategy

Important: Exaba provides a durable, immutable backup target, but it is one layer in a broader data-protection strategy, not a complete one. Follow established practice: keep multiple copies, in independent locations, and verify them regularly. Customers are responsible for configuring and operating Exaba appropriately for their environment.

See also