Add an Amazon hypervisor to support data protection operations for all virtual machines hosted or managed by the hypervisor.
Before You Begin
-
The hypervisor represents an Amazon Web Services (AWS) account.
Be prepared to enter a key pair (Access Key and Secret Key) obtained from the Amazon EC2 website section on Security Credentials.
Alternatively, you can configure a proxy to use an IAM role for authentication, as described below.
-
For accounts that use data protection resources from another account, you can specify an Admin account that provides the data protection resources. For more information, see Using Resources from an Admin Account.
First, create a hypervisor for the admin account (for example, for the MSP). After you create the admin hypervisor, create a hypervisor for the tenant account, and refer to the admin account using the Use admin account resources option.
Note
-
For deployments that use an Admin account, the tenant account must use an access key and secret key for authentication. The admin account can use an access key and secret key for authentication, or an IAM role.
-
When the hypervisor is configured to use an Admin account, some hypervisor configuration options are hidden.
-
Procedure
-
From the navigation pane, go to Protect > Virtualization.
The Virtual machines page appears.
-
On the Hypervisors tab, click Add hypervisor.
-
For Select vendor, select Amazon.
-
For Hypervisor name or Client name, type a descriptive name for the hypervisor.
-
Enter the host or account authentication information:
-
IAM role: If you select this option, select an access node that has an IAM role associated with it in the AWS Console.
Note
If you select IAM role for the Amazon client, but a proxy that is not associated with the IAM role is used for a backup or restore, the operation fails.
The IAM role must have appropriate permissions, which can be any of the following:
-
Amazon EC2 Full Access
-
Amazon S3 Full Access
-
Administrator Access
-
Custom permissions to access AWS resources, which can be one of the following:
-
Access and secret key: If you select this option, provide the following information:
-
Access key: Type the Access Key ID that is associated with your Amazon account.
-
Secret key: Type the Secret Access Key that is associated with your Amazon account.
To apply an IAM policy for the hypervisor when you use this authentication method, you can attach an IAM policy to the user who is associated with the access and secret key.
-
If you already configured a hypervisor for an Admin account, you can select the Use admin account resources option and then select the Admin account from the Account list. This option applies only in environments where data protection resources are provided by a separate Admin account.
If another Amazon hypervisor is not already configured, this field does not appear.
-
-
-
From the Access nodes list, select a proxy or a server from the list which will be used for the backup and restore operations.
-
Click Save to close the Add cloud account dialog box.