System Requirements for AWS Backup Gateways

You can install a Commvault Cloud backup gateway on an Amazon EC2 instance for one AWS account, to back up resources from different AWS accounts that exist in the same region.

The following diagram shows an example of where you can install a backup gateway for AWS.

Amazon EC2 Instance Support and Requirements

• Select the instance size based on availability in your region and backup data size:

  Backup data size	Required instance size
  Up to 50 TB	r5.large r5a.large
  More than 50 TB	See the additional sizing guidelines in the KB article "Backup Gateway Sizing Guidelines for AWS Environments"

• Dynamic volume types—such as spanned, striped, mirrored, and RAID-5—are not supported.

Network Requirements

• VPC peering is required between the backup gateway and your AWS data source in the following cases:

  • The backup gateway and the data source are in different VPCs.

  • The backup gateway and the data source are in a single AWS account.

  • The backup gateway and the data source are in different AWS accounts.

• The security group that is applied to the Amazon VPC endpoint must allow incoming HTTPS (port 443) connections from any and all Commvault Cloud backup gateways to communicate with the endpoint network interface. See Access an AWS service using an interface VPC endpoint on the AWS documentation website.

• TCP 443 outbound must be open to access the Commvault Cloud backup service (*.metallic.io). This is only control traffic, not data traffic.

• Your selected subnets must have outbound internet connectivity using NAT gateways. NAT gateways incur additional costs. Commvault Cloud does not assign public IP addresses for your backup gateway instances.

• TCP 8400 and 8403 must be open between the backup gateway and the AWS data sources. If the Amazon EC2 instance has agents, the agents will communicate with the backup gateway on TCP 8403.

• The backup gateway must be able to connect to service endpoints or—if the AWS account is restricted to specific regions—to the regional equivalent. For information, see Service endpoints and quotas on the AWS documentation website.

• The backup gateway must have outbound access to the following URLs:

  • Access Commvault Cloud CloudFormation Templates

  • Download Commvault Cloud packages required to setup a backup gateway

  • Python pip Packages

  • AWS CFN Packages

  • Commvault Cloud packages

Operating System Support

Windows

• A Windows backup gateway is required only to protect Amazon EC2 instances that use dynamic disks, the ReFS file system, or disk encryption.

• Windows backup gateways cannot perform live browse operations for EXT3, EXT4, and XFS file systems.

• The ACL of NTFS files is preserved during cross-platform restores only if the destination client is installed with Windows.

Linux

• Live browse operations using Linux backup gateways are supported only for the NTFS file system.

• Live browse operations using Linux backup gateways are not supported for IntelliSnap backups.

• Restoring files with advanced encryption attributes using a Linux backup gateway is not supported.