Initial Configuration of CubeBackup for Microsoft 365 on Windows
This article will guide you through the initial configuration of CubeBackup for Microsoft 365 on Windows. If you are using CubeBackup on Linux or in a Docker container, please refer to Initial Configuration of CubeBackup for Microsoft 365 on Linux or Initial Configuration of CubeBackup for Microsoft 365 using Docker.
Step 1. Open the CubeBackup web console
After CubeBackup has been installed, the web console will automatically pop up in your default web browser. You can also open the web console by either clicking the CubeBackup icon on the desktop, or by visiting http://<server-ip>:<port> on any web browser within your network.
If permitted by your company's firewall policy, it can also be accessed from outside your network at http://<server_external_ip>:<port> or an assigned domain name.
The default web console address is http://<server_ip>. If port 80 is already in use, the installation wizard will ask you to assign a different port.
Step 2. Set backup location
CubeBackup allows you to back up Microsoft 365 data to either on-premises storage or your private cloud storage.
Currently, CubeBackup supports backing up to a local disk, NAS/SAN, Amazon S3 storage, Microsoft Azure Blob storage, Google Cloud Storage and Amazon S3-compatible storage. Please click the corresponding tab for detailed instructions.
Storage type: Select Local disk from the dropdown list.
Data index path: Select a local directory to store metadata for your backup.
Note: Since the data index contains the metadata for the backups, access speed is crucially important for the performance of CubeBackup. We strongly recommend that you store the data index on a local SSD. See What is data index for more information.
Backup path: Select the local storage destination for your Microsoft 365 backup data.
Note: Please ensure the backup location has sufficient space to store the data for all users and groups in your Microsoft 365 organization, including any future backups. Since CubeBackup itself keeps a revision history of files, a good rule of thumb is to reserve 2x the estimated data size for your organization. For example, if there are 100 users in your organization and each user has 10GB of data on average, there should be at least 100 * 10GB * 2 = 2TB of space available for the backup. To estimate the total data size of your Microsoft 365 organization, please see how to check your Microsoft 365 storage usage.
Encrypt backups: If you'd like to store your backup data encrypted, make sure the Encrypt backups option is checked.
Tips:
1. Before clicking the Next button, we highly recommend that you download a copy of the key file using the link in the setup wizard and store it in a separate, safe location. If the key file is lost, your encrypted backup data will be permanently unrecoverable. CubeBackup Inc. does not have access to any key files and will be unable to assist you in recovering your data without it.
2. This option cannot be changed after the initial configuration.
3. Data transfer between Microsoft Azure and your storage is always HTTPS/SSL encrypted, whether or not this option is selected.
4. Encryption may slow down the backup process by around 10%, and cost more CPU cycles.
When all information has been entered, please click the Next button.
Note: If you plan to back up your Microsoft 365 data to Windows network storage, we strongly recommend storing the data index on an SSD on your local server. Be sure to keep a stable network connection with the NAS to avoid interrupting the backup process, which might result in corrupted files in your backup repository. This storage type is not as stable as cloud storage; please use at your own risk.
Storage type: Select Windows network location from the dropdown list.
Data index path: Select a local directory to store metadata for your backup.
Note: Since the data index contains the metadata for the backups, access speed is crucially important for the performance of CubeBackup. We strongly recommend that you store the data index on a local SSD. See What is data index for more information.
Network storage path: Manually enter the UNC path for the remote storage (e.g. \\NAS-HOSTNAME\microsoft365_backup or \\192.168.1.123\microsoft365_backup). Generally, a hostname is preferred over a numeric IP address, especially in an Active Directory domain environment.
Notes:
1. Currently, a mapped drive letter for the network resource is not supported. Please be sure to use the UNC path (e.g. \\NAS-HOSTNAME\microsoft365_backup) instead of a mapped drive (e.g. Z:\microsoft365_backup).
2. Please ensure the backup location has sufficient space to store the data for all users and groups in your Microsoft 365 organization, including any future backups. Since CubeBackup itself keeps a revision history of files, a good rule of thumb is to reserve 2x the estimated data size for your organization. For example, if there are 100 users in your organization and each user has 10GB of data on average, there should be at least 100 * 10GB * 2 = 2TB of space available for the backup. To estimate the total data size of your Microsoft 365 organization, please see how to check your Microsoft 365 storage usage.
User and password: The username and password to access the network storage.
- For Windows networks using Active Directory, the format of the username should be <Domain_name>\<User_name>. For example, cubebackup\user is preferred while [email protected] is not supported.
- For Windows networks organized by workgroup, or if the network storage is located outside of your Active Directory, the format of the username should be <NAS_Hostname>\<User_name>. For example, backup_nas\user.
Why are a username and password required?
CubeBackup runs as a service using the system default local service account, which, by design, has not been granted access rights to network resources in Windows. In order for CubeBackup to back up and restore data in your network storage, a username and password must be supplied.
Encrypt backups: If you'd like to store your backup data encrypted, make sure the Encrypt backups option is checked.
Tips:
1. Before clicking the Next button, we highly recommend that you download a copy of the key file using the link in the setup wizard and store it in a separate, safe location. If the key file is lost, your encrypted backup data will be permanently unrecoverable. CubeBackup Inc. does not have access to any key files and will be unable to assist you in recovering your data without it.
2. This option cannot be changed after the initial configuration.
3. Data transfer between Microsoft Azure and your storage is always HTTPS/SSL encrypted, whether or not this option is selected.
4. Encryption may slow down the backup process by around 10%, and cost more CPU cycles.
When all information has been entered, please click the Next button.
Note: If you plan to back up Microsoft 365 data to AWS S3 storage, we strongly recommend running CubeBackup on an AWS EC2 instance (e.g. t3.large instance) instead of a local server. Hosting both the backup server and storage on AWS will avoid the bottleneck of all data moving through a local server and greatly improve the backup performance.
Storage type: Select Amazon S3 from the dropdown list.
Data index path: Select a local directory to store metadata for your backup.
Note: Since the data index contains the metadata for the backups, access speed is crucially important for the performance of CubeBackup. We strongly recommend that you store the data index on a local SSD. See What is data index for more information.
S3 bucket: The unique name of your S3 storage bucket.
Access key ID: The AWS IAM access key ID to authorize access to data in your S3 bucket.
Secret access key: The secret of your AWS IAM access key.
If you are new to Amazon Web Services, please follow the instructions below or watch the demo to create and configure a private Amazon S3 bucket for your backup data. If you are already an experienced AWS user, you may skip to Step 3 directly.
- Create an AWS account
If your company has never used Amazon Web Services (AWS) before, you will need to create an AWS account. Please visit Amazon Web Services (AWS), click the Create an AWS Account button, and follow the instructions.
If you already have an AWS account, you can click Sign In to the console directly.
- Create an Amazon S3 bucket
- Open the Amazon S3 console.
- Click Create bucket.
- On the Create bucket page, enter a valid and unique Bucket Name.
- Select an AWS Region for your data to reside or simply use the default one.
- Leave the other available options as they are.
Since CubeBackup already has its own version control and overwrites index files frequently, enabling Object Lock and Bucket Versioning in the S3 bucket will result in unnecessary file duplication and cost. We recommend leaving these two features disabled.
Depending on your company policies, you may wish to enable Default encryption or turn off Block Public Access settings. You can also change the configuration under the Properties tab on the detail page. These options will not affect the functioning of CubeBackup.
- It is strongly recommended that you create a separate bucket only for CubeBackup. For more information about creating an S3 bucket, please refer to Amazon's official documentation here.
- Create an IAM account
AWS IAM (Identity and Access Management) is a web service that helps you securely control access to AWS resources. Follow the instructions below to create an IAM account for CubeBackup and grant access to your S3 bucket.
- Open the AWS IAM console.
- Select User from the left panel and click Add users.
- Enter a valid User name (e.g. CubeBackup-S3).
- Select Attach existing policies directly under Set permissions.
- Search for the AmazonS3FullAccess policy and check the box in front of it. You can leave the Set permissions boundary empty as default, then click Next.
Tip: Instead of using the "AmazonS3FullAccess" policy, you can also create an IAM account with permissions to the specific S3 bucket for CubeBackup only.
- Click Next, ensure that your IAM user settings are correct, then click Create user.
- Choose the name of the intended user in the list.
- Choose the Security credentials tab on the user detail page. In the Access keys section, choose Create access key.
- On the Access key best practices & alternatives page, choose Application running outside AWS, then choose Next.
- Set a description tag value for the access key if you wish. Then choose Create access key.
- On the Retrieve access keys page, choose either Show to reveal the value of your user's secret access key, or Download .csv file. This is your only opportunity to save your secret access key. Copy the value of Access key and Secret access key into the corresponding fields in Step 2 of the CubeBackup wizard.
- For more information about creating IAM accounts, please refer to Amazon's official documentation here.
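The tip above about granting access to the CubeBackup bucket only, instead of AmazonS3FullAccess, can be put into practice with a bucket-scoped policy document. The script below is an added example, not code from CubeBackup or AWS: it builds such a policy and checks any policy for Allow statements that reach beyond the backup bucket. The bucket name is a constructed placeholder and the action list is an assumed minimum for a backup tool (list, read, write, delete), so extend it if the wizard reports access errors.

```python
import json
import re

# Constructed placeholder; use the bucket name you created for CubeBackup.
BUCKET = "example-cubebackup-backups"

# Assumed minimum for a backup tool: list the bucket, then read, write and
# delete objects in it. This list is an assumption, not CubeBackup's own.
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]

_BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def bucket_scoped_policy(bucket):
    """Build an IAM policy that only reaches one bucket and its objects."""
    if not _BUCKET_RE.match(bucket):
        raise ValueError(f"not a valid S3 bucket name: {bucket!r}")
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListBackupBucket", "Effect": "Allow",
             "Action": BUCKET_ACTIONS, "Resource": arn},
            {"Sid": "ReadWriteBackupObjects", "Effect": "Allow",
             "Action": OBJECT_ACTIONS, "Resource": f"{arn}/*"},
        ],
    }


def broad_policy():
    """Constructed stand-in: every S3 action on every resource."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
    }


def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def scope_findings(policy, bucket):
    """List every way an Allow statement reaches beyond the given bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement {index}")
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"{label}: {key} allows everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{label}: wildcard action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            # In scope: the bucket itself, or any key or prefix inside it.
            if resource != arn and not resource.startswith(arn + "/"):
                findings.append(f"{label}: resource {resource} is outside {bucket}")
    return findings


if __name__ == "__main__":
    # JSON to paste into the IAM console's policy editor.
    print(json.dumps(bucket_scoped_policy(BUCKET), indent=2))
    for name, policy in (("scoped", bucket_scoped_policy(BUCKET)),
                         ("broad", broad_policy())):
        print(name, scope_findings(policy, BUCKET) or "no findings")
```

Attach the generated policy to the CubeBackup IAM user in place of AmazonS3FullAccess; the access key steps stay the same.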
Encrypt backups: If you'd like to store your backup data encrypted, make sure the Encrypt backups option is checked.
Tips:
1. Before clicking the Next button, we highly recommend that you download a copy of the key file using the link in the setup wizard and store it in a separate, safe location. If the key file is lost, your encrypted backup data will be permanently unrecoverable. CubeBackup Inc. does not have access to any key files and will be unable to assist you in recovering your data without it.
2. This option cannot be changed after the initial configuration.
3. Data transfer between Microsoft Azure and your storage is always HTTPS/SSL encrypted, whether or not this option is selected.
4. Encryption may slow down the backup process by around 10%, and cost more CPU cycles.
When all information has been entered, please click the Next button.
Note: If you plan to back up Microsoft 365 data to Google Cloud storage, we strongly recommend running CubeBackup on a Google Compute Engine VM (e.g. e2-standard-2 VM) instead of a local server. Hosting both the backup server and storage on Google Cloud will avoid the bottleneck of all data moving through a local server and greatly improve the backup performance.
Storage type: Select Google Cloud storage from the dropdown list.
Data index path: Select a local directory to store metadata for your backup.
Note: Since the data index contains the metadata for the backups, access speed is crucially important for the performance of CubeBackup. We strongly recommend that you store the data index on a local SSD. See What is data index for more information.
Bucket: The unique name of your Google Cloud Storage bucket.
Storage class: The storage class for the backup data. Coldline is recommended. For more information about Google Cloud storage classes, please visit Storage classes. You can find the pricing details for the different Google Cloud storage classes at Cloud Storage Pricing.
Service account key: The service account key file to authorize access to data in your Google Cloud storage bucket.
If you are new to the Google Cloud Platform (GCP), please follow the instructions or watch the demo below to create and configure a private Cloud Storage bucket for your backup data. If you are already an experienced GCP user, you may skip to Step 3 directly.
- Create a new project
GCP uses projects to organize a group of Google Cloud resources. In this new project, you will create a private storage bucket, and manage permissions for these resources.
Log in to Google Cloud Platform (GCP) and select IAM & Admin > Create a Project in the left panel.
You can also choose IAM & Admin > Manage Resources in the left panel to see all projects and select an existing one in which to create your CubeBackup storage bucket.
Click + CREATE PROJECT, enter a valid Project name, confirm the Organization and Location, then click CREATE.
At the top of the page, select the newly created project from the project drop-down list to make it the active project.
For a newly created project, you will need to enable billing before using Cloud Storage. Select Billing in the left panel and follow the prompts to LINK a BILLING ACCOUNT or CREATE BILLING ACCOUNT.
- Create a Google Cloud storage bucket
- Select STORAGE > Cloud Storage > Buckets from the left panel.
- In the Buckets page, click + CREATE.
- In the Create a bucket page, input a valid and unique name for your bucket, and click CONTINUE.
- Choose a Location type for the bucket (Multi-region or Region is recommended), then select a Location for the bucket and click CONTINUE.
Tips:
1. Please select the location based on the security & privacy policy of your organization. For example, for EU organizations, you may need to select Europe to be in accordance with GDPR.
2. If CubeBackup is running on a Google Compute Engine VM, please select a location the same as, or near to, the location of your Google Compute Engine VM.
- Choose a default storage class for the backup data (Coldline is recommended), then click CONTINUE.
- Choose Uniform as the Access control type, then click CONTINUE.
- Keep the Protection tools and Data encryption as default.
- Click Create.
- Create a service account
- In the same active project, select IAM & Admin > Service Accounts from the left panel.
- Click + CREATE SERVICE ACCOUNT.
- Enter a valid Service account name and a Service account ID will be generated automatically. You can simply use the default one and click CREATE AND CONTINUE.
- Select Storage Object Admin as the role.
- Click DONE directly to skip the Grant users access to this service account step.
- On the Service accounts page, click the Email link of the service account you've just created.
- Select the KEYS tab of the service account and click ADD KEY > Create new key.
- Select JSON as the Key type and click CREATE.
- This will download a service account key file to your local machine. Then you can upload it as the Account key file in Step 3 of the CubeBackup wizard.
Encrypt backups: If you'd like to store your backup data encrypted, make sure the Encrypt backups option is checked.
Tips:
1. Before clicking the Next button, we highly recommend that you download a copy of the key file using the link in the setup wizard and store it in a separate, safe location. If the key file is lost, your encrypted backup data will be permanently unrecoverable. CubeBackup Inc. does not have access to any key files and will be unable to assist you in recovering your data without it.
2. This option cannot be changed after the initial configuration.
3. Data transfer between Microsoft Azure and your storage is always HTTPS/SSL encrypted, whether or not this option is selected.
4. Encryption may slow down the backup process by around 10%, and cost more CPU cycles.
When all information has been entered, please click the Next button.
Note: If you plan to back up Microsoft 365 data to Microsoft Azure Blob Storage, we strongly recommend running CubeBackup on a Microsoft Azure Virtual machine (e.g. B2ms instance) to pair with it. Hosting both the backup server and storage on Azure Cloud will avoid the bottleneck of all data moving through a local server and greatly improve backup performance.
Storage type: Select Azure Blob storage from the dropdown list.
Data index path: Select a local directory to store metadata for your backup.
Note: Since the data index contains the metadata for the backups, access speed is crucially important for the performance of CubeBackup. We strongly recommend that you store the data index on a local SSD. See What is data index for more information.
Endpoint: (optional) The Blob service endpoint of your storage account.
Container: The container created in your storage account.
Storage account: Your Azure storage account.
Access key: The key to authorize access to data in your Storage account.
If you are new to Azure Blob Storage, please follow the instructions or watch the demo below to create and configure a private Storage account for your backup data. If you are already an experienced Azure user, you may skip to Step 3 directly.
- Create a storage account
- Log in to Microsoft Azure Portal using an Azure account with an active subscription. This does not require an administrator account in your organization.
- Select Storage Accounts from the left panel and click + Create.
- On the Basics tab, select the Subscription and Resource group in which you'd like to create the storage account.
- Next, enter a valid and unique name for your storage account.
- Select a Region for your storage account or simply use the default one.
Note: Please select the location based on the security & privacy policy of your organization. For example, for EU organizations, you may need to select Europe to be in accordance with GDPR.
- Select the Performance tier. Standard is recommended.
- Choose a Redundancy policy to specify how the data in your Azure Storage account is replicated. Zone-redundant storage (ZRS) is recommended. For more information about replication strategies, see Azure Storage redundancy.
- On the Data protection tab, uncheck Enable soft delete for blobs. Since CubeBackup constantly overwrites the SQLite files during each backup, enabling this option would lead to unnecessary file duplication and extra costs.
- Additional options are available under Advanced, Networking, Data protection and Tags, but these can be left as default.
- Select the Review + create tab, review your storage account settings, and then click Create. The deployment should only take a few moments to complete.
- Get Access key
To authenticate CubeBackup's requests to your storage account, an Access key is required.
- In the detail page of your newly created storage account, select Access keys under Security + networking from the left panel.
- On the Access keys page, click Show keys.
- Copy the access key from the Key text box of either key1 or key2 and paste it into the Access key textbox in the CubeBackup configuration wizard.
- Create a container
- In the detail page of your newly created storage account, click Containers under Data storage from the left panel.
- On the Containers page, click + Container.
- Enter a valid Name and ensure the Public access level is Private (no anonymous access). You can leave the other Advanced settings as default.
- Click Create.
Encrypt backups: If you'd like to store your backup data encrypted, make sure the Encrypt backups option is checked.
Tips:
1. Before clicking the Next button, we highly recommend that you download a copy of the key file using the link in the setup wizard and store it in a separate, safe location. If the key file is lost, your encrypted backup data will be permanently unrecoverable. CubeBackup Inc. does not have access to any key files and will be unable to assist you in recovering your data without it.
2. This option cannot be changed after the initial configuration.
3. Data transfer between Microsoft Azure and your storage is always HTTPS/SSL encrypted, whether or not this option is selected.
4. Encryption may slow down the backup process by around 10%, and cost more CPU cycles.
When all information has been entered, please click the Next button.
CubeBackup supports AWS S3 compatible storage, such as Wasabi and Backblaze B2.
- To create a storage bucket on Wasabi Cloud Storage, please refer to Backup Microsoft 365 to Wasabi.
- To create a storage bucket on Backblaze B2 storage, please refer to Backup Microsoft 365 to Backblaze B2.
Note: S3 compatible cloud storage is not usually as stable as AWS S3. Please use at your own risk.
Storage type: Select Amazon S3 compatible storage from the dropdown list.
Data index path: Select a local directory to store metadata for your backup.
Note: Since the data index contains the metadata for the backups, access speed is crucially important for the performance of CubeBackup. We strongly recommend that you store the data index on a local SSD. See What is data index for more information.
Endpoint: The request URL for your storage bucket.
Bucket: Your S3 compatible storage bucket.
Access key ID: The key ID to access your S3 compatible storage.
Secret access key: The access key value to your S3 compatible storage.
Encrypt backups: If you'd like to store your backup data encrypted, make sure the Encrypt backups option is checked.
Tips:
1. Before clicking the Next button, we highly recommend that you download a copy of the key file using the link in the setup wizard and store it in a separate, safe location. If the key file is lost, your encrypted backup data will be permanently unrecoverable. CubeBackup Inc. does not have access to any key files and will be unable to assist you in recovering your data without it.
2. This option cannot be changed after the initial configuration.
3. Data transfer between Microsoft Azure and your storage is always HTTPS/SSL encrypted, whether or not this option is selected.
4. Encryption may slow down the backup process by around 10%, and cost more CPU cycles.
When all information has been entered, please click the Next button.
Step 3. Register and authorize the Azure AD application for CubeBackup
In Step 3, you are required to register and authorize an application in Azure AD on behalf of CubeBackup to access resources in your organization.
What is the registered application in Azure AD? Why is it needed?
Basically, an application registered in the Azure Active Directory acts as a service principal, which is used to apply identity and access management (IAM) provided by Microsoft's identity platform, and to authorize unattended operations such as calling APIs. Refer to this doc for more information.
CubeBackup must be authenticated as an Azure AD application with permission to back up and restore data for all users in your organization. Please follow the instructions below to register and authorize the Azure AD application for CubeBackup.
To create and authenticate your own Azure AD application, please follow the steps below:
- CubeBackup will request an authentication code from Microsoft Azure. Copy the code displayed in the CubeBackup configuration wizard, and click the authentication portal link.
Please note that the code is valid for 15 minutes. If it expires, you will need to refresh the CubeBackup configuration wizard to request a new code.
- On the Sign in to your account webpage, paste the code and sign in to Microsoft Azure as a Global Administrator in your organization, and then follow the prompt to grant the necessary permissions for CubeBackup.
- Return to the CubeBackup configuration wizard and wait a few moments while CubeBackup verifies the server readiness of your application.
Step 4. Select users to back up
Please select the users in your organization to include in the backup. All active users are displayed in the list and can be searched by name or email address.
Step 5. Select SharePoint sites to back up
Please select the SharePoint sites in your organization to include in the backup. All active sites are displayed in the list and can be searched by name or URL.
Step 6. Set up the CubeBackup web console administrator
In this step, you will set up the CubeBackup web console administrator account and password.
The administrator account does not need to be the Microsoft 365 administrator of your organization. You can assign any account as the CubeBackup administrator.
This account and password are only for the CubeBackup console; they have no relationship with any Microsoft services.
After clicking Next, please wait a few seconds for CubeBackup to be initialized. Then you can log in to the CubeBackup web console to start the backup or configure CubeBackup with more options.