Verify that the access nodes that you use for backups of Amazon EC2 instances meet the requirements. Access nodes run backups and other operations.
Deploying a Cloud Access Node from AWS Marketplace
Commvault provides the following AWS Marketplace products to simplify the deployment of Cloud access nodes within AWS:
Supported AWS Regions
Commvault supports all AWS regions that are supported by the AWS SDK for .NET Version 3. For a list of those regions, see Amazon Regions.
AWS Identity and Access Management Requirements
The access node is responsible for performing backup and recovery of the following AWS services:
-
Amazon Elastic Compute Cloud (Amazon EC2)
-
Amazon Elastic Block Store (Amazon EBS)
The access node is also responsible for performing cross-hypervisor restores or VM conversion. For more information, see Amazon Web Services User Permissions for VM Conversion.
Cross-Account Protection
For streaming backups and backup copies, the access node may reside in the account being protected or a shared service account. Fore more information, see Use Service Account Resources.
Operating System Requirements
Linux
You can configure an access node on a Linux instance using one of the following methods:
-
Deploy an AWS Marketplace AMI.
From AWS Marketplace AMI, you can deploy the Commvault Cloud Access Node BYOL to serve as a Linux access node and as a File Recovery Enabler for Linux. This AMI contains all of the components that are required to support Linux operations in the Commvault environment. For more information, see Deploying a Commvault Linux MediaAgent from AWS.
-
Use one of the following Linux distributions:
-
Amazon Linux 2023 AMI 64-bit (Arm) (preferred)
-
Amazon Linux 2023 AMI 64-bit (x86)
-
Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type 64-bit (x86)
-
RHEL 8.5, 8.3, 8.2, 8.1, 8.0, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4 64-bit (x86)
Note
For RHEL 8 instances, to install operating system packages that must enable automatic installation of Mono, register the instances with Red Hat.
-
The following features are not supported when using a Linux access node. Use a Windows access node for these operations.
-
Full instance restores (import method)
-
Conversion from another hypervisor to Amazon EC2 (import method)
-
Conversion from another hypervisor to Amazon EC2 (import method) is not supported when using a Linux access node to convert a Windows guest VM
-
Live sync replication (import method)
For cross-hypervisor restores or replication from VMware to Amazon, you can use an access node that runs on Windows or Linux. If you use an access node that runs on Linux, for both Windows and Linux guest VMs, the drivers must be installed on the source before performing the backup. Otherwise, the replication operation fails. You cannot use a Linux access node for the import method.
Windows
All Windows-compatible processors are supported.
-
Microsoft Windows Server 2019 Editions 64-bit (x86)
-
Microsoft Windows Server 2016 Editions 64-bit (x86)
Note
Microsoft ended mainstream support for all versions of Windows Server 2012 and Windows Server 2012 R2—including Hyper-V Server 2012 and Hyper-V Server 2012 R2, and Core Editions—on October 10, 2023.
Hardware Specifications
Note
For information about hardware requirements for the Virtual Server Agent, see Hardware Specifications for Virtual Server Agent.
Snapshot Only Mode
Processor |
Requirements |
---|---|
64-bit (Arm), Amazon EC2 C6g.large |
|
64-bit (x86), Amazon EC2 C5a.xlarge/C5a.2xlarge |
|
Snapshot and Streaming Mode
The following configurations include standard sizing based on the amount of data protected at the client. The acronym FETB refers to a front-end TB or a TB of protected data at the client, prior to deduplication or compression.
64-bit (Arm)
Available as AWS Marketplace Image. For more information, see Commvault Cloud Access Node ARM BYOL.
Size |
Requirements |
---|---|
Extra small |
|
Small |
|
Medium |
|
64-bit (x86)
Available as AWS Marketplace Image. For more information, see Commvault Cloud Access Node ARM BYOL.
Size |
Requirements |
---|---|
Extra small |
|
Small |
|
Medium |
|
Supported Restores
When you use a 64-bit (Arm) Amazon EC2 instance (AWS Graviton), you can restore only full instances, not individual files and folders.
If you need to restore individual files and folders, deploy a 64-bit (x86) instance.
Storage Requirements
Commvault requires the following minimum storage requirements for self-built access nodes in AWS:
-
1 x 10 GB EBS gp3 volume for the operating system
-
1 x 25 GB EBS gp3 volume for the deduplication database (DDB)
-
1 x 80 GB EBS gp3 volume for the binaries, log files, Job Results folder, and index cache
If performing backups with the Index files after backup option enabled, the location of the Job Results folder should contain additional space to accommodate at least 2 percent of the total amount of data being backed up.
-
The default location for Job Results is:
software_installation_directory\iDataAgent\JobResults
-
The default location for Job Results on AWS Marketplace deployed images is:
/mnt/commvault_jobresults/commvault/iDataAgent/jobResults
Software Dependencies
-
Access nodes must have the mono linux package installed. Access nodes acting as a MediaAgent must have the lvm2 linux package installed for DDB backups. See, Disabling lvmetad for Linux VMs.
-
Access nodes protecting Amazon Elastic File System (EFS) must have the nfs-utils linux package installed to mount EFS exports.
-
Access nodes protecting Amazon FSx for Windows shares must have the cifs-utils linux package installed to mount FSx shares.
-
Access nodes must contain the Commvault Virtual Server Agent (VSA) package, and optionally the Commvault CloudApps package, and MediaAgent.
Supported Restores
-
The Commvault CloudApps package is not currently supported on 64-bit (Arm) instances.
-
Protection of the following AWS services must be performed using a 64-bit (x86) access node at this time:
-
Amazon S3
-
Amazon RDS (including Amazon Aurora)
-
Amazon Redshift
-
Amazon DynamoDB
-
Amazon DocumentDB
Size
Requirements
Extra small
-
5–10 FETB
-
c5a.xlarge (2 vCPU, 4 GB RAM)
Small
-
10–25 FETB
-
c5a.2xlarge (4 vCPU, 8 GB RAM)
Medium
-
25–50 FETB
-
c5.2xlarge (8 vCPU, 16 GB RAM)
-
-
Access Node Placement
For optimal performance, deploy the access node in the same region as the workload and within AWS. The access node must reside in the same region as the workload being protected for optimal data transfer. Commvault recommends deploying access nodes within AWS for optimal backup and restore transfer throughput.
Other areas where access nodes can reside include:
-
Amazon EBS direct API protection allows for the access node to reside anywhere (in region, cross region, on-premises), if the EBS direct service endpoint is accessible. Optimal performance and cost is achieved when locating the access node within the same region and using a VPC endpoint.
-
Commvault HotAdd backup and recovery mode requires that the access node reside in the same region as the workload being protected.
-
Access nodes can reside on-premises for both snapshot (IntelliSnap) and streaming backups. Access nodes can be shared to protect multiple accounts, see Using Resources from and Admin Account.
Network Requirements
-
Commvault supports any Layer 3 network technology both within and between cloud and on-premises. The technology includes Amazon Direct Connect, AWS Site-to-Site VPN, AWS Client VPN.
-
Commvault supports AWS VPC, AWS Transit Gateway, and AWS Privatelink to control and direct traffic between AWS and on-premises networks.
-
The access node requires Layer 3 network connectivity to the AWS service endpoints as described in Requirements for Connectivity to AWS Service Endpoints.
Note
The service endpoints include global endpoints that do not support Amazon VPC endpoints. Commvault can tunnel command and control communication to endpoints using a HTTP Proxy.
-
Commvault recommends the use of Amazon VPC endpoints when data transfer will occur to or from the endpoint. Endpoints include Amazon EBS direct APIs backup and restores, and Amazon S3 backup, recovery and Cloud Libraries.
-
The Virtual Server Agent requires Layer 3 network connectivity to the Commvault MediaAgent on port 8403. You can restrict communication to one-way communication using Commvault Network Topologies.
-
If the MediaAgent and the access node are in different AWS accounts or in different Virtual Private Clouds (VPCs), you can configure Amazon VPC peering, as described in the AWS article VPC peering basics.
Firewall Requirements
In an environment with firewalls, the flow of communication must be permitted by configuring the Amazon EC2 security group on the CommServe, MediaAgent, and access node.
-
The CommServe, MediaAgent, and access node must be able to communicate with each other on TCP: 8400, 8403. Communication may be limited to occur one-way or two-way.
-
The Commvault CommServe must be able to contact the access node on TCP: 8400, 8403 to perform initial installation and client registration and ongoing backup and recovery.
-
The Commvault access node must be able to contact the Commvault MediaAgent on TCP: 8400, 8403 or vice versa.
-
The Commvault MediaAgent must be able to contact the CommServe and access node on TCP: 8400, 8403 or vice versa.
Hardware Requirements
When deploying AWS, follow the hardware requirements for the Virtual Server Agent package. Commvault has two modes of operation for the access node:
-
Snapshot-only mode: Backup and recovery consists solely of orchestrating AWS-native snapshots of Amazon EC2, Amazon RDS, Amazon RedShift, and Amazon DynamoDB instances.
-
Snapshot and streaming mode: Backup and recovery consists of snapshot orchestration (per snapshot-only mode) and the additional creation of a streaming backup copy located on Commvault controlled storage.
All configurations assume that Commvault deduplication is in-use to minimize storage and network egress costs.
Note
For best price-performance, Commvault recommends that you use AWS Graviton instances (64-bit ARM).
Nutanix Cloud Clusters (NC2) with Amazon EC2
Commvault supports data protection and management for Nutanix Cloud Clusters (NC2) on Amazon EC2.
Related Pages
-
How Commvault Uses AWS Permissions for Amazon EC2 Instance Protection
-
Configuring a Firewall to Install the Virtual Server Agent on a Cloud VM or Instance
DISCLAIMER
Certain third-party software and service releases (together, "Releases") may not be supported by Commvault. You are solely responsible for ensuring Commvault’s products and services are compatible with any such Releases.