Backups run faster with AWS direct read support because you can read data off the Amazon EBS snapshots directly without the need to create and attach volumes to the access node.
AWS direct read backups leverage Amazon EBS direct APIs. This feature provides backup acceleration and reduces cost of backup operations.
Key Benefits
-
Read Amazon EBS snapshot blocks (GetSnapshotBlock) without creating or attaching a volume.
-
Back up and restore marketplace volumes.
Supported Configurations
-
Streaming backups
-
Backup copy operations to tape
-
Live browse of Microsoft Windows hosts from a backup copy
-
Live browse of Linux hosts from Amazon EBS snapshots
Required Amazon IAM Permissions
Direct read backups use the Amazon EBS service, and requires the following AWS permissions:
-
ebs:GetSnapshotBlock
-
iam:SimulatePrincipalPolicy
-
ec2:DescribeVpcEndpoints
AWS Reference Topics
-
AWS launches Amazon EBS direct APIs that provide read access to the Amazon EBS snapshot data, enabling backup providers to achieve faster backups of Amazon EBS volumes at lower costs. See AWS What's New.
-
Amazon Elastic Block Store (EBS) direct APIs. See Amazon Elastic Block API reference.
-
Amazon Elastic Block Store (EBS) Pricing, go to Amazon EBS direct APIs for Snapshots.
Amazon EBS direct APIs incur additional costs associated with interacting with the Amazon EBS snapshots, namely a cost per:
- GetSnapshotBlock
User Considerations
-
The security group applied to the VPC endpoint must allow incoming HTTPS (port 443) connections from any and all Commvault Access Nodes to communicate with the endpoint network interface. See, AWS service using an interface VPC endpoint - Amazon Virtual Private Cloud.
-
The Amazon EBS service endpoint must be accessible from the VSA access node directly, without a HTTP proxy. The HTTP proxy setting is not honored for Amazon EBS direct API requests.
For more information about Amazon EBS endpoints for different regions, see Amazon Elastic Block Store endpoints and quotas on the AWS documentation site.
-
The VSA access nodes can reside outside of Amazon, but it is recommended to use the VSA access nodes on Amazon, for better throughput.
-
For maximum throughput, use an 'interface VPC endpoint' for the Amazon EBS service.
For example, in the AWS console, create an interface endpoint in your VPC for the service 'com.amazonaws.us-east-1.ebs'. Ensure that the 'ebs.us-east-1.amazonaws.com' service is resolving to the private IP address of the interface endpoint. If not, add a host file entry to enforce IP address resolution.
-
Since the Amazon EBS direct API backup operation is CPU intensive, the instance type of the access node is a limiting factor for throughput.
-
The service quota for GetSnapshotBlock requests per account per Region is 1,000 per second by default. To increase the service quota limit, you must open a ticket with AWS.
-
If the Amazon EBS VPC endpoint is configured in the access node's VPC settings, but the Amazon EBS endpoint does not resolve to the VPC endpoint’s IP, the software adds a host file entry for the Amazon EBS endpoint name to the internal IP of the Amazon EBS VPC endpoint to avoid egress charges or slow backups and restores.
How It Works
-
Streaming Backups
An AMI contains snapshots corresponding to each volume in the AWS instance. By enabling direct read backups, the list of blocks is obtained from the AMI snapshots of the current backup job. For incremental backups, the changed blocks on the AWS volumes are detected by comparing the AMI snapshots of the previous backup operation. Only the changed blocks are backed up and written to backup media. One AMI is retained after each backup job.
Direct read backups are supported in all AWS regions where Amazon supports Amazon EBS direct read APIs.
Commvault automatically reverts to a HotAdd backup if the required permissions to perform Amazon EBS direct read API operations by the user performing the backup operation are not present.
Related Topics
For a list of operational outcomes for EBS Direct API backups, see: