> Commvault Cloud > Cleanroom Recovery > Setup > AWS Cleanroom Sites

Configure Auto-Scaling for Your AWS Recovery Group

Auto-scaling enhances efficiency and performance, especially for large-scale operations such as cleanroom recovery, by dynamically deploying access nodes in a region only when required, and then promptly powering off and decommissioning the access nodes after they're used.

Not required for Commvault SaaS.

To configure auto-scaling, you select existing or create new VM provisioning settings. VM provisioning settings are used to provision access nodes when access nodes are created—either manually by end users or automatically by the Commvault Cloud software when auto-scaling access nodes.

For creating Amazon EC2 auto-scaled nodes, the Commvault Cloud software supports the manual deployment of only the Linux image of the Commvault Cloud Access Node BYOL and not the Microsoft Windows image.

Note

You can perform cleanroom recovery operations without configuring auto-scaling, but auto-scaling is required to perform threat scans on recovered VMs/instances. For more information about threat scans, see Modify Settings for a Cleanroom Recovery Group.

Step 1: Add an Outbound Security Rule

The virtual private cloud (VPC) must have firewall rules that permit outbound TCP connectivity on port 8403 to your recovered control plane.

The IP address of the virtual checkpoint firewall that provides internet access for the VPC must be provided, and needs to be added to an inbound rule for 8403 and HTTPS (443) in your recovered control plane.

The easiest way to do this is by running a command such as one of the following:

curl wtfismyip.com/text
curl ifconfig.me

The output shows the public IP address that the VM uses to reach the internet. The command works regardless of how the network is set up, whether the VM uses a regular public IP, an elastic IP, or goes through a NAT gateway. Usually, all VMs in the VPC have the same public IP when going through the internet, but not always. It depends on how their networking is configured.

Step 2: Select Existing or Create New VM Provisioning Settings

  1. From the Command Center navigation pane, go to Cleanroom > Recovery groups.

  2. Click the recovery group.

Option 1: Select Existing VM Provisioning Settings

If you already specified VM provisioning settings for an Amazon EC2 hypervisor, you can use those settings for the recovery group.

  1. On the Configuration tab, in the Access nodes section, click VM provisioning settings.

  2. Enable the Associate existing VM provisioning settings toggle key.

  3. For Provisioning hypervisor, select the provisioning hypervisor.

  4. Click Confirm.

Option 2: Create New VM Provisioning Settings

You can create new provisioning settings.

  1. On the Configuration tab, in the Access nodes section, click VM provisioning settings.

  2. Disable the Associate existing VM provisioning settings toggle key.

  3. Click Next.

    The Provisioning Settings wizard appears.

Server Group and IAM Page

  1. From the Server groups list, select the Cleanroom infra to recovered control plane {Unix time of recovery} server group.

  2. From the IAM role list, select an IAM role that has both the AmazonSSMManagedInstanceCore managed policy and the amazon_restricted_role_permissions.json file attached.

    You can find the policy in the AWS Management Console at arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore.

  3. To use the VM provisioning settings for the current hypervisor as the default settings for all Amazon EC2 hypervisors, enable the Set as system default settings toggle key.

    If you enable this setting, when users select an Amazon EC2 hypervisor, they see a visual indication that these settings are the default settings.

  4. To create a public IP address on provisioned access nodes, leave the Create public IP address toggle key selected.

  5. Click Next.

Availability Zone Page

Specify AWS Availability Zones for the access nodes.

  • To use the default security group in the Amazon Virtual Private Cloud (VPC), enable the Deploy access nodes into default VPC toggle key.

    If you select this option, the Commvault Cloud software assigns the default security group that is defined within your VPC, instead of a specific security group for your Amazon EC2 instance. For more information, see Default security group for your VPC in the AWS documentation.

  • To specify a different security group, do the following:

    1. Disable the Deploy access nodes into default VPC toggle key.

    2. Click Add.

    3. From the Availability zone list, select the AWS Availability Zones to create access nodes in.

    4. From the VPC list, select a VPC.

    5. From the Subnet list, select a subnet.

    6. From the Security group list, select a security group.

    7. If you intend to use the access nodes to host deduplication databases, enable the Enable key pair toggle key.

    8. In the confirmation dialog box that appears, click Yes.

    9. From the Key pair list, select the key pair to use for logging on to the access node.

    10. Click Save.

    11. Click Next.

Access Nodes Page

  1. Specify how you want the instance type of the access nodes to be determined:

    • To have the Commvault Cloud software select the instance type, leave the Auto select instance type toggle key enabled.

      An AWS Graviton (Arm-based, 64-bit) image with the C7g.large instance type is used to create the access nodes. If an AWS Graviton (Arm-based, 64-bit) image is not available in the AWS Region, then an x86 image with a C7i.large instance is used.

    • To specify the instance type in these provisioning settings, do the following:

      1. Disable the Auto select instance type toggle key.

      2. From the Instance type list, select an instance type.

        The following AWS instance types are supported:

        • AWS Graviton (Arm-based, 64-bit): C7g.large (default), c6g.large, c6g.xlarge, c6g.2xlarge, r6g.large, r6g.xlarge, r6g.2xlarge, r6g.4xlarge

        • x86: C7i.large (default), c5.large, c5.xlarge, c5.2xlarge, m5a.2xlarge, r5a.large, r5a.xlarge

    • To allow the user to select the instance type when starting a provisioning job, enable the Choose instance type while launching job toggle key.

  2. For Maximum number of access nodes, enter the maximum number of access nodes that can be created in each Region to back up the Amazon EC2 instances in the Region.

    The default value is 10, and the maximum number is 999.

  3. For Select operating system, select the OS for the access nodes.

  4. Click Next.

Advanced Settings Page

  1. To specify a network gateway for the access nodes to communicate with the Commvault Cloud control plane, in the Network gateway box, enter the gateway in the hostname:port format.

  2. To associate users and/or user groups with the VM provisioning settings, from the Security list, select the users and/or user groups.

  3. To require approval for the creation of the access nodes, in the User approval box, enter the names of the users or user groups who you want to give approval capability.

    The users will receive an email notification to approve the creation of the access nodes. When the user approves, the job to create the access nodes starts.

  4. To specify a workflow that will execute when access nodes are created, or before or after provisioned nodes are modified, do the following:

    1. Click Add

    2. From the Workflow type list, select when you want the workflow to execute:

      • Provisioning: The workflow executes when access nodes are created.

      • Pre edit-VM: The workflow executes before access nodes are modified.

      • Post edit-VM: The workflow executes after access nodes are modifed.

    3. From the Workflow list, select the workflow to execute.

      Only workflows with the suffix "_provisioning" appear in this list.

    4. Click Save.

  5. To specify a tag for provisioned access nodes, do the following:

    1. In the Tags section, click Add.

    2. Specify the Workload type to add the tag for:

      • General: Adds the tag to all access nodes.

      • Virtualization: Adds the tag to access nodes for Virtualization workloads.

      • Office 365: Adds the tag to access nodes for Office 365 workloads.

      • Media agent: Adds the tag to MediaAgent access nodes.

    3. In the Key box, enter the key value of the tag.

    4. In the Value, enter the value of the tag.

    5. Click Save.

  6. Click Next.

Summary Page

  1. Review the summary.

  2. Click Submit.

Step 3: Enable Auto-Scaling for the Recovery Group

  1. From the Command Center navigation pane, go to Cleanroom > Recovery groups.

  2. Click the recovery group.

  3. On the Configuration tab, in the Access nodes section, enable the Auto scale toggle key.

Loading...