> Commvault Cloud > File & Object Storage > Files > Configuring Backups for Cloud

Configuring Backups for File Server in Amazon Web Services

You can configure backups for file servers on an AWS EC2 instance. The configuration wizard guides you through the configuration process, which includes creating any new entities that are needed, such as a backup plan and a cloud storage.

Start the Configuration Wizard

  1. Log on to metallic.io.

    The Service Catalog page appears.

  2. On the Files tile, click Configure, and then click File server.

    The Configure File Server Backup page appears.

If you have already completed the initial setup, follow these steps:

  1. From the navigation pane, go to Protect > Files.

    The file servers Overview page appears.

  2. On the Files tab, in the upper-right area of the page, click Add Server.

    The Configure File Server page appears.

  3. Select File server and click Next.

    The Configure File Server Backup page appears.

Specify the File Server Environment

  1. Select File server running in the cloud VM, and then from the Select vendor list, select Amazon Web Services.

    An active trial or an active subscription is required.

  2. Click Next.

    The File Server Backup Overview page appears.

  3. Select a backup method, and then click Next.

    The Configure Permissions page appears, where you must enable IAM Role authentication.

Configure Permissions

Note

For the Backup using Metallic Infrastructure backup method, you can use only STS Assume Role with IAM Policy Authentication for authentication.

IAM Role Authentication Method

  1. From the Authentication method list, select IAM role.

  2. Verify an existing CommvaultRole IAM role or create a new CommvaultRole IAM role:

    • If the CommvaultRole IAM role was previously created for another AWS workload, do the following:

      1. Verify that the IAM policies for the AWS workload are still attached to the CommvaultRole IAM role.

      2. At the bottom of the page, select the confirmation check box.

      3. Click Next.

        The Region page of the configuration wizard appears.

    • If the CommvaultRole IAM role does not exist yet, create it in AWS.

      Steps to create CommvaultRole IAM role

      1. Click the Launch the CloudFormation Stack link to open the AWS console.

        Important

        If you do not have permission to create a role in the AWS account, copy the Launch the CloudFormation Stack link and share it with your AWS IAM administrator.

      2. Log on to the AWS console.

        The Quick create stack page appears.

      3. Under Capabilities, read the information about the template, and then select the acknowledgment check box.

      4. Click Create stack.

        Wait for the CloudFormation Stack to finish creating the CommvaultRole IAM Role. The CloudFormation Stack creates IAM policies for all supported AWS workloads, and then attaches the policies to CommvaultRole.

      5. Return to the Commvault Cloud configuration wizard.

      6. At the bottom of the page, select the confirmation check box.

      7. Click Next.

        The Region page of the configuration wizard appears.

Access and Secret Key Authentication

  1. From the Authentication method list, select Access and secret key.

  2. Verify an existing CommvaultUserGroup IAM user group or create a new CommvaultUserGroup IAM user group:

    • If the CommvaultUserGroup IAM user group was previously created for another AWS workload, do the following:

      1. Verify that the IAM policies for the AWS workload are still attached to the CommvaultUserGroup IAM user group.

      2. At the bottom of the page, select the confirmation check box.

      3. Click Next.

        The Region page of the configuration wizard appears.

    • If the CommvaultUserGroup IAM user group does not exist yet, create it in AWS.

      Steps to create CommvaultUserGroup IAM user group

      1. Click the Launch the CloudFormation Stack link to open the AWS console.

        Important

        If you do not have permission to create a role in the AWS account, copy the Launch the CloudFormation Stack link and share it with your AWS IAM administrator.

      2. Log on to the AWS console.

        The Quick create stack page appears.

      3. Under Capabilities, read the information about the template, and then select the acknowledgment check box.

      4. Click Create stack.

        Wait for the CloudFormation Stack to finish creating the CommvaultUserGroup IAM user group. The CloudFormation Stack creates IAM policies for all supported AWS workloads, and then attaches the policies to CommvaultUserGroup.

      5. Go to the IAM dashboard.

        The IAM dashboard page appears.

      6. Select Users, and then click Add users.

        The Add user page appears.

      7. Enter a name for the user (for example, MetallicSvcUser).

      8. Select the Access key - Programmatic access check box.

        Commvault Cloud does not need AWS Console Access.

        This setting creates an access key for each new user.

      9. Click Next to set permissions.

      10. Select Add user to group, and then select the CommvaultUserGroup IAM user group.

      11. Optionally, you can set IAM tags which are key-value pairs you can add to your user.

      12. Click Review to display the user details.

      13. Click Create user.

        A message confirms that the user is created successfully. From here, you can download the .csv file and view details about the access and secret key for the new user.

      14. Verify that the IAM policies for the AWS workload are still attached to the CommvaultUserGroup IAM user group.

      15. At the bottom of the page, select the confirmation check box.

      16. Click Next.

        The Region page of the configuration wizard appears.

STS Assume Role with IAM Policy Authentication

  1. From the Authentication method list, select STS assume role with IAM policy.

  2. Verify an existing CommvaultAdminRole IAM role or create a new CommvaultAdminRole IAM role in the AWS admin account:

    • If the CommvaultAdminRole IAM role was previously created for another AWS workload, do the following:

      1. Verify that the CommvaultAdminRole-STSAssumePolicy IAM policy for the AWS workload is attached to the CommvaultAdminRole IAM role.

      2. At the bottom of the page, select the confirmation check box.

      3. Click Next.

        The Region page of the configuration wizard appears.

    • If the CommvaultAdminRole IAM role does not exist yet, create it in AWS.

      Steps to create CommvaultAdminRole IAM role

      1. Click the Launch the CloudFormation Stack link to open the AWS console for the AWS admin account.

        Important

        If you do not have permission to create a role in the AWS account, copy the Launch the CloudFormation Stack link and share it with your AWS IAM administrator.

      2. Log on to the AWS console.

        The Quick create stack page appears.

      3. Under Capabilities, read the information about the template, and then select the acknowledgment check box.

      4. Click Create stack.

        Wait for the CloudFormation Stack to finish creating the CommvaultAdminRole IAM role. The CloudFormation Stack creates an IAM policy called CommvaultAdminRole-STSAssumePolicy for STS Assume Role authentication, and then attaches the policy to CommvaultAdminRole.

      5. Return to the Commvault Cloud configuration wizard.

Region

  1. Select the region where the file server is located.

  2. Click Next.

    If you have selected Backup using Metallic Infrastructure as the backup method, then the Select Cloud Storage page of the configuration wizard appears.

    If you have selected Backup using the gateway as the backup method, then the Backup Gateway page of the configuration wizard appears.

Backup Gateway

Backup gateways connect with, discover, back up, and restore your data source (which the Commvault Cloud control panel cannot access directly). Backup gateways also move data to and from the access nodes to the storage targets. Backup gateways also perform deduplication operations before moving data to storage targets. A backup gateway is required to back up file servers without egress charges.

  1. Select an existing backup gateway or create a new backup gateway.

    Steps to add a backup gateway with IAM role authentication method

    1. Click the add button add/plus button - gray - no border.

      The Add a new backup gateway dialog box appears.

    2. For Platform, select the OS for the backup gateway.

    3. Click Generate link.

      An AWS CloudFormation template is created based on the region and the operating system that you selected.

    4. Click the Launch CloudFormation Template link to open the AWS console.

    5. Log on to the AWS console.

      The Quick create stack page appears.

    6. Under Parameters, enter the following information:

      1. From the EC2 Instance Type list, select the type of EC2 instance to use for the backup gateway.

      2. From the EC2 Key Pair list, select a key pair to use to access the Commvault Cloud backup gateway.

      3. From the VPC ID list, select an Amazon Virtual Private Cloud (VPC).

      4. From the Subnet ID list, select a subnet.

      5. From the VPC CIDR list, select a VPC CIDR.

      Note

      Port 8403 opens on backup gateways only when the request comes from the IP ranges that are listed in the VPC CIDR field.

    7. Click Create stack.

      Wait for the Commvault Cloud backup gateway to be created.

    8. Return to the Commvault Cloud configuration wizard.

    9. Refresh the list of backup gateways, and then select the backup gateway that you created.

    Steps to add a backup gateway with STS assume role with IAM policy and Access and secret key authentication methods

    1. Click the add button add/plus button - gray - no border.

      The Add a new backup gateway dialog box appears.

    2. For Platform, select the OS for the backup gateway.

    3. Click Generate link.

      An AWS CloudFormation template is created based on the region and the operating system that you selected.

    4. Click the Launch CloudFormation Template link to open the AWS console.

      Note

      If AWS EBS encryption is enabled for your region in your AWS account, to use the template, you must be a key user for the default encryption key. If you are not a key user for the default encryption key, copy the Launch Cloud Formation Template link and share it with someone who is a key user, such as your security administrator.

    5. Log on to the AWS console.

      The Quick create stack page appears.

    6. Under Parameters, enter the following information:

      1. From the EC2 Instance Type list, select the type of EC2 instance to use for the backup gateway.

      2. From the EC2 Key Pair list, select a key pair to use to access the Commvault Cloud backup gateway.

      3. From the VPC ID list, select an Amazon Virtual Private Cloud (VPC).

      4. From the Subnet ID list, select a subnet.

      5. From the VPC CIDR list, select a VPC CIDR.

      Note

      Port 8403 opens on backup gateways only when the request comes from the IP ranges that are listed in the VPC CIDR field.

    7. Click Create stack.

      Wait for the Commvault Cloud backup gateway to be created.

    8. Return to the Commvault Cloud configuration wizard.

    9. Refresh the list of backup gateways, and then select the backup gateway that you created.

  2. Click Next.

    The Select Cloud Storage page of the configuration wizard appears.

Cloud Storage

Primary Copy

  1. To review the supported combinations of primary and secondary storage, see Storage Options for In-Guest Agent Based Backups.

  2. For the primary copy of the backup data, select an existing S3 storage bucket or create a new S3 storage bucket.

    Steps to create storage for the primary copy

    1. Click the add button add/plus button - gray - no border.

      The Add cloud storage dialog box appears.

    2. In Name, enter a descriptive name for the cloud storage.

    3. For Authentication, select the authentication type that you want to use.

      Note

      For the Backup using Metallic Infrastructure backup method, you can use only STS assume role with IAM policy for authentication.

      Authentication type

      Values to enter

      Access keys and secret keys

      In Access key ID, enter the access key ID.

      In Secret access key, enter the secret access key.

      IAM role

      None

      STS assume role

      In ARN role, enter the ARN.

      STS assume role with IAM policy

      None

    4. In Bucket, enter the Amazon S3 bucket name.

      For example, enter bucket_name, with no slash.

    5. For Storage Class, select the storage class for the type of access that you want to have for the data.

    6. Click Save.

  3. To select a secondary copy, move the Secondary copy toggle key to the right.

Secondary Copy

  1. Decide whether to store a secondary copy of the backup data for long-term retention.

    Steps to create storage for a secondary copy

    1. Move the Secondary copy toggle key to the right.

    2. For Secondary storage, select an existing storage location or create a new storage location.

      To create a storage location, do the following:

      1. Click the add button add/plus button - gray - no border.

        The Add cloud storage dialog box appears.

      2. From Type, select the storage provider, and then enter the necessary values.

        Note

        For the Backup using Metallic Infrastructure backup method, you can create only S3 storage for the secondary copy.

        Storage provider

        Values

        Air Gap Protect

        Cloud storage provider: Select Azure Blob Storage or OCI Object Storage.

        Storage class: Select the storage class for the type of access that you want to have for the data.

        Region: Select the region for the cloud storage.

        Amazon S3

        Name: Enter a descriptive name for the cloud storage.

        Region: Select the region for the cloud storage.

        Authentication: Select the type of authentication to use.

        - Access keys and secret keys: Enter the access key ID and the secret access key.

        - STS assume role with IAM role: Enter the ARN of the CommvaultRole.

        Bucket: Enter the name of the bucket.

        Storage class: Select the storage class for the type of access that you want to have for the data.

      3. Click Save.

  2. Click Next.

    The Plan page of the configuration wizard appears.

Backup Plan

A backup plan specifies the storage to back up the data to and other settings such as recovery point objective (RPO) settings.

  1. Select an existing backup plan or create a new one.

    Steps to create a backup plan

    1. Click the add button add/plus button - gray - no border.

      The Add plan dialog box appears.

    2. In the Plan name box, enter a descriptive name for the backup plan.

    3. For the backup plan settings, select pre-defined settings or create custom settings:

      • To select pre-defined settings, under Retention rules, select one of the following:

        • Select Standard retention to retain the incremental backups for 1 month.

        • Select Extended retention for optimized storage where the incremental backups of primary and secondary copies are retained for 1 month, and extended retention for monthly and yearly full backups.

          Note

          The Extended retention option is available only when the secondary copy backup is selected.

      • To create custom settings, select Custom plan, and then specify the following:

        • For Retention, specify the amount of time to retain the backup jobs.

        • For Retention monthly full (Secondary copy), specify the amount of time to retain the monthly full backup on secondary copy.

        • For Retention yearly full (Secondary copy), specify the amount of time to retain the yearly full backup on secondary copy.

        • For Backups run every, specify how often to run backups.

    4. Click Done.

  2. Click Next.

    The Install Packages page of the configuration wizard appears. You must select the installation method for the package.

Install Packages

Interactive Installation

  1. To perform an interactive installation, select Interactive installation.

  2. Download the backup client package and install it on the server you want to back up.

    To install the Windows and UNIX packages, you can use the respective silent install commands.

    Note

    • Only Windows (64-bit) and Linux (64-bit) are available for backups using Metallic infrastructure.

    • If the package is in a .tar file (for example, LinuxFileServer64.tar), the tar file must be extracted using the GNU TAR utility.

  3. Enter your Commvault Cloud credentials in the installer to authenticate the package on the server.

  4. For OS Type, specify the OS of the file server that you want to back up.

  5. From the Files list, select the file server that you installed.

    Tip

    Click the refresh button if the list does not display the required file server.

Push Installation

  1. To perform a push installation, select Push Installation.

  2. Select a file server from the list of servers or create a new one.

    Steps to create a file server

    1. In the Name box, enter the name of the file server on which the push installation needs to be performed.

    2. In the Username box, enter the username.

    3. In the Password box, enter the password, and then re-enter the password to confirm it.

    4. Select the OS Type of the file server.

    5. If you select Unix as the OS, to use a non-standard SSH port number, move the Use a non-standard SSH port number toggle key to the right.

    6. Optional: To specify the path to install the software, in Installation location, enter the path.

    7. To restart the file server after the installation, move the Reboot if required toggle key to the right.

    8. Click Save.

  3. Click Next.

    The Backup Content page appears.

Backup Content

You can add content by browsing, by selecting all the content, and by entering a custom path.

  1. If the selected backup plan has backup content defined, then the same content is automatically selected. If not, all content is selected for backup, by default.

  2. To browse for specific content, do the following:

    1. Click Add, and then select Browse.

      The Add content dialog box appears.

    2. Select the content.

    3. Click Save.

  3. To enter a custom path, do the following:

    1. Click Add, and then select Custom Path.

    2. In Enter custom path, enter the custom path for the content.

      For example, you can enter C:\Temp\abc (for Windows) or /dir1/abc (for Linux).

  4. To exclude some of the content you selected, click Add and then, browse or enter custom paths for the content to be excluded.

  5. Click Next.

    The Summary page of the configuration wizard appears.

Summary

  1. Review the summary.

  2. Click Finish.

Loading...