You can restore full Amazon EC2 instances to an alternate Region and/or AWS account (out of place).
Prerequisites
-
If a passkey is configured for restores, you must have the passkey.
-
The AWS IAM identity (user, role) selected for the restore must have the amazon_restricted_role_permissions.json role applied with permissions to perform restores. For more information, see IAM Policies for Protecting AWS Services with Commvault.
Start the Restore Wizard
-
From the Command Center navigation pane, go to Protect > Virtualization.
The Overview page appears.
-
On the VM groups tab, in the row for the VM group that contains the EC2 instances that you want to restore, click the action button , and then click Restore.
The Select restore type page appears.
-
Click Full instance.
The Full instance page appears.
-
Select the check boxes for the EC2 instances to restore.
To select all EC2 instances, select the check box above the list of EC2 instances.
-
To select a specific MediaAgent and/or source for the restore, in the upper-right area of the page, click the Settings button .
By default, the Commvault software automatically selects the MediaAgent and source as follows:
-
MediaAgent: The software uses the MediaAgent that performed the backup.
-
Source: By default, the software searches for the requested data in the primary copy. If the data is not found in the primary copy, the software selects a secondary or auxiliary copy.
For more information, see MediaAgent and Copy Precedence Considerations for Virtualization Restores.
-
-
Click Restore.
The restore wizard appears.
Specify the Restore Destination
-
For Type, select Out of place.
-
For Restore as, leave Amazon Web Services selected.
-
From the Destination list, select the AWS account to restore the EC2 instances to.
-
For Access node, leave Automatic (the default value) selected, or select an access node or an access node group.
Best practice is to always use the Automatic option because it does the following:
-
Selects the most appropriate access nodes (that is, access nodes in a matching availability zone and Region)
-
Provides resiliency against access node failure (that is, if an access node fails during a restore, the Commvault software restarts the restore on other, available access nodes)
When a restore includes multiple EC2 instances, the Automatic option distributes the workload across the access nodes that are assigned for the destination AWS account (that is, the destination hypervisor). The EC2 instances are assigned to the access nodes that are in the same region.
If you select a specific access node group, the Commvault software distributes the workload across the access nodes that are available in the access node group.
If you select a specific access node that is outside of AWS, the restore uploads volume information to Amazon S3 and uses the volumes to create the EC2 instance.
Caution
When you restore an EC2 instance from an Amazon S3 library in one region to another region, consider Amazon VPC egress costs. For information about costs, see Overview of Data Transfer Costs for Common Architectures in the AWS Architecture Blog.
-
-
Click Next.
The Virtual Machines page appears.
By default, an out-of-place restore requires you to select a destination network. This requirement is indicated by a red alert on the Virtual Machines page.
Specify Restore Settings for the EC2 Instances
-
To modify the restore settings for one or more EC2 instances, select the EC2 instances, click Edit, and then specify the following:
-
For the names of the restored EC2 instance or instances, specify the following:
-
For a single EC2 instance, in VM display name, enter a name for the restored EC2 instance.
-
For multiple EC2 instances, you can add a prefix and/or a suffix to the names of the source EC2 instances. For example, you can add a suffix of "-restored".
The Commvault software sets the AWS Resource Tag 'Name' to the value that you enter in VM display name. For information about which characters are supported for AWS Resource tags, see Tagging your AWS resources in the AWS documentation.
-
-
Availability zone: Select the destination availability zone for the new EC2 instance.
-
Instance type: The Automatic option (the default value) attempts to restore the EC2 instance as the same instance type as the source EC2 instance. To restore as a different EC2 instance type, select that instance type.
-
Volume type: The Automatic option (the default value) attempts to re-create each Amazon EBS volume with the same type as the source EC2 instance. To restore with a different Amazon EBS volume type for all volumes, select that volume type.
The following volume types are supported by Commvault:
-
General Purpose SSD (gp2)
-
General Purpose SSD (gp3)
-
Provisioned IOPS SSD (io1)
-
Provisioned IOPS SSD (io2)
-
Throughput Optimized HDD (st1)
-
Cold HDD (sc1)
-
Magnetic (standard)
-
-
Encryption key: To modify the AWS KMS key that is used to encrypt the restored Amazon EBS volumes, select a KMS key that is in the destination account.
By default, the Commvault software restores each EBS volume with the same AWS KMS encryption key that is used on the source. Often, when you restore across Regions or AWS accounts, you must select a new KMS key in the destination account.
The same key is used to encrypt all restored EBS volumes. The Commvault software does not support the selection of a KMS key for each EBS volume that is being restored. Commvault automatically detects whether the selected KMS key ID is a multi-region key and uses the replica key in the destination Region (if a replica key is available). For more information, see Creating multi-Region keys in the AWS documentation.
-
Key pair: Enter the Amazon EC2 key pair to access the restored EC2 EC2 instance.
-
If you are restoring multiple EC2 instances, specify whether to use the source network configuration or a different configuration:
-
To re-create the source network—VPC, Subnets, Security Groups, elastic network interfaces (ENIs)—as part of the restore, move the Restore source network configuration toggle key to the right.
-
To restore to an existing VPC in the destination AWS account, do the following:
-
Leave the Restore source network configuration toggle key turned off (the default value).
-
For Network, to select an Amazon Virtual Private Cloud (VPC) network, subnet, and ENI, do the following:
-
Click the browse button.
For information about protection of VPC resources, see Amazon VPC Resources That Commvault Protects.
The Select network settings dialog box appears.
-
Select an existing ENI or create a new ENI.
When you create a new ENI, you can specify an IP address.
-
Click Save.
-
-
To specify a custom IPv4 primary IP address for Network Interface 1 (Primary Interface) for the EC2 instance, in Private IP address, enter the IPv4 address.
Important
If you enter an IP address that is not within the available range or that is already in use, the restore fails.
-
By default, the Commvault software attempts to assign the same security group from the source EC2 instance to the restored EC2 instance. If you are restoring across AWS accounts, Commvault enables the Auto select security group toggle key. You can disable the Auto select security group toggle key, andthen select an existing security group from the destination AWS account.
-
-
-
Disable tags: If the source EC2 instance has AWS resource tags, then those tags are displayed in the VM tags area (excluding the Name tag and the AWS reserved tags), and you can add, modify, or delete tags.
Important
-
Commvault does not recommend disabling tags. Tags are crucial to cloud financial management, cloud operations, and cloud security posture management. Removing tags might cause your EC2 instance to not be managed in accordance with your organization's policies.
-
For backups that occurred in Commvault Platform Release 2022E (11.28) or earlier, if you add new tags to the restored instances, the previous tags are removed.
-
-
-
Click Next.
The Restore Options page appears.
Specify Settings for the Restore Operation
-
Specify the following settings:
-
Power on VMs after restore: Select this setting to have Commvault start the EC2 instances after they are restored.
The power state of the EC2 instance does not affect subsequent backups. If the EC2 instance is powered on during backups, by default, the EC2 instance is powered on again after the restore completes (unless you clear this check box).
-
Unconditionally overwrite if it already exists: If an EC2 instance that you are restoring and an EC2 instance in the destination AWS account have the same instance ID, select this setting have Commvault delete the instance in the destination AWS account and replace it with the EC2 instance that you are restoring.
Important
If an EC2 instance that you are restoring and an EC2 instance in the destination AWS account have the same instance ID, and you do not select Unconditionally overwrite if it already exists, the restore fails.
-
Reuse existing VM client: If an EC2 instance that you are restoring and an EC2 instance in the destination AWS account have the same instance ID, select this setting have Commvault reuse the EC2 instance in the destination AWS account and map its information (such as client name, host name, and client ID) to the source EC2 instance.
-
Notify user on job completion: Select this setting have Commvault send an email notification that the restore is complete.
For Commvault to send an email notification, you must configure an email server.
-
Under Additional options, for Transport mode, select the mode to use for the restore:
-
Automatic (default): This option selects a mode as follows:
-
If the requirements for the Amazon EBS Direct mode are met, then the Amazon EBS Direct mode is used.
-
If the requirements for the Amazon EBS Direct mode are not met, and the requirements for the HotAdd mode are met, then the HotAdd method is used.
-
If the requirements for the Commvault HotAdd method are not met, then the AWS VM Import/Export method is used.
-
-
Amazon EBS Direct
-
AWS VM Import/Export
With the AWS VM Import/Export mode, the Commvault software creates an Amazon S3 bucket in the destination AWS account to stage VHDX copies of each volume. The VHDX copies of the volumes are used by the AWS VM Import/Export service to re-create the EC2 instances. The S3 staging bucket is named gx-restore-region_name-account_id, where region_name is the name of the destination AWS region and account_id is the ID of the destination AWS account for the restored EC2 instances.
-
Commvault HotAdd
If you select Commvault HotAdd, you must either enter the guest credentials or have the drivers pre-installed on the EC2 instances.
If you use either the Amazon EBS Direct mode or the Commvault HotAdd mode, you can restrict the scope of the auto-selected Amazon Machine Images (AMIs) that are used during the restore. For more information, see Enabling Specific AMI IDs for Restores and Replication.
-
-
-
Click Next.
The Summary page appears.
Review the Summary and Start the Restore
-
Review the summary to verify the settings.
-
Click Submit to start the restore.
Related Topics
For current, known restrictions to Amazon EC2 restores, see Restrictions and Known Limitations for Protecting Amazon EC2 with Commvault.