Modifying Settings for an Amazon EC2 Hypervisor

Settings that you can modify for an Amazon EC2 hypervisor (which represents an AWS account) include the authentication method, access nodes, security, and tags.

Go to the Hypervisor

1. From the Command Center navigation pane, go to Protect > Virtualization.

   The Overview page appears.

2. On the Hypervisor tab, click the hypervisor.

   The hypervisor page appears.

Modify the Regions

1. On the Overview tab, in the General section, click the edit button .

   The Edit hypervisor details dialog box appears.

2. For Regions, enter the AWS Regions that the instances reside in.

   You can enter multiple Regions as a comma-separated list. For example, you can enter us-east1,us-west1.

Modify the Authentication Method

For authenticating the connection to the Amazon EC2 instances, you can use an IAM role, an STS assume role with IAM policy, or an access key and a secret key.

1. On the Overview tab, in the General section, click the edit button .

   The Edit hypervisor details dialog box appears.

2. Select one of the following authentication methods:

   • IAM role

   • STS assume role with IAM policy

   • Access and secret key

Specify Credentials

If you selected STS assume role with IAM policy or Access and secret key for the authentication method, you must select existing credentials or create new creentials.

1. On the Overview tab, in the General section, click the edit button .

   The Edit hypervisor details dialog box appears.

2. For Credentials, select existing credentials or create new credentials.

3. Click Save.

Use Resources from an Admin AWS Account

If this hypervisor represents a tenant AWS account, then it can use data protection resources from a hypervisor that represents an admin AWS account. For more information, see Using Resources from an AWS Admin Account.

1. On the Overview tab, in the General section, click the edit button .

   The Edit hypervisor details dialog box appears.

2. Move the Use service account resources toggle key to the right.

3. From the list that appears, select the AWS admin account to provide resources to this tenant account.

4. Click Save.

View Recovery Points

On the Overview tab, the Recovery points section shows the backups that are available by date. For information about restores, see Restores for Amazon EC2 Instances and Files.

Disable Backups

When you disable backups, the hypervisor is excluded from SLA calculations.

1. On Configuration tab, in the Activity Control section, move the Data backup toggle key to the left.

   An Enable after a delay link appears.

2. To enable backups again after a delay, click the Enable after a delay link, and then enter the amount of time to delay.

Disable Restores

If you disable restores, applications and other data cannot be restored.

1. On Configuration tab, in the Activity Control section, move the Data restores toggle key to the left.

   An Enable after a delay link appears.

2. To enable restores again after a delay, click the Enable after a delay link, and then enter the amount of time to delay.

Modify Tags

If you have the Tag Management permission, you can create and apply tags to the hypervisor. For more information, see Entity Tags.

1. On Configuration tab, in the Tags section, click the edit button .

   The Manage tags dialog box appears.

2. In Tag name, enter a name for the tag.

3. To assign a value, in Tag value, enter the value.

4. Click Save.

Specify a Preferred Access Node for Linux Guest File Restores

When you browse files from a backup of a Linux Amazon EC2 instance, by default, the Commvault software automatically selects the access node to mount the files. To override the default behavior for this hypervisor and specify an access node to mount the files, use the Preferred node for guest file restores setting.

1. On Configuration tab, in the Options section, for Preferred node for guest file restores, click the edit button .

   The Edit file recovery node dialog box appears.

2. Select the access node.

3. Click Save.

Specify Guest Credentials

For application-aware backups and application-based backups, you can specify the credentials that are used to access guest instances.

1. On Configuration tab, in the Options section, for Guest credentials, click the edit button .

   The Set guest credentials dialog box appears.

2. Enter a user name and password that can be used for all guest instances that are associated with the hypervisor.

3. Click Save.

Specify a Time Zone

The default time zone for the hypervisor is the time zone of the CommServe server. You can specify a different time zone for the hypervisor.

If you specify a time zone for the hypervisor and for a VM group, the Commvault uses the time zone of the VM group.

• On Configuration tab, in the Options section, for Time zone, click the edit button , and then select the time zone.

Block Cross-Region Backups

The most cost-effective way to protect Amazon EC2 instances in multiple AWS Regions is to create a multi-region backup plan and to block cross-region backups for the hypervisor (by enabling the Restrict cross-region backups toggle key).

For information, see Configuring Multi-Region Backups for Amazon EC2 Instances.

Enable Snapshot Backups

You can enable snapshot backups for the VM groups that are associated with the hypervisor.

• On Configuration tab, in the Snapshot management section, move the Enable snap backup toggle key to the right.

Add a Storage Array for Snapshot Backups

If you enable snapshot backups, you can add a storage array for storing the snapshot backups.

1. On Configuration tab, in the Snapshot management section, click Add array.

   The Add Snap Array wizard appears.

2. From the Snap vendor list, select the array type that you are adding.

   If the array type has snapshot configuration properties, then a Snap Configurations page appears in the Add Snap Array wizard.

3. In the Array name box, enter the name of the array.

4. In the Control host box, enter the control host IP address.

5. Specify credentials as follows:

   • If Username and Password boxes appear, enter the credentials for the array.

   • If Saved credentials appears, select existing credentials or create new credentials.

6. Click Next.

   The Array Access Nodes page appears.

7. From the Available MediaAgents list, select the access nodes to use for the array.

   The access node is used only for data aging and automatic deletion requests, not for the manual deletion requests that you can make in array management.

8. To disable pruning of the snapshots, move the Pruning toggle key to the left.

9. Click Next.

   If the array type has snapshot configuration properties, then a Snap Configurations page appears.

10. Review the settings.

11. Click Save.

Assign Roles to Users or User Groups

To allow a user or user group to perform data management operations on the hypervisor, create a security association between the user or user group and one of the following pre-defined roles:

• View: Provide read-only access to application group configuration, job history, and reporting data

• VM End User: Provide self-service backup, recover both in-place and out-of-place

Procedure

1. On the Configuration tab, in the Security section, click the edit button .

   The Security dialog box appears.

2. On the Associations tab, enter the name of the user or user group, select the role to assign, and then click Add.

3. Click Save.

Related Topics

• Roles Overview

• Security for Virtualization

Assign Owners and Permissions

You can specify owners and permissions for the hypervisor.

1. On the Configuration tab, in the Security section, click the edit button .

   The Security dialog box appears.

2. On the Owners tab, enter the name of the user or user group to assign as an owner.

3. Under Permissions, select the permissions to give to the owner.

4. Click Save.

Modify Access Nodes

Select Different Access Nodes for the Hypervisor

1. On Configuration tab, in the Access nodes section, click Actions, and then select Edit.

   The Edit access node dialog box appears.

2. Select the access node group or the access nodes to use for the VM group.

3. Click OK.

Deploy an Access Node for the Hypervisor Using VM Provisioning Settings ("Create Access Node" Option)

If your environment includes at least one Amazon EC2 hypervisor (which represents an AWS account) that VM provisioning settings are specified for, you can deploy an access node using those VM provisioning settings.

Amazon EBS volumes that are created using the provisioning settings—either manually when you use the Create Access Node option or automatically by the Commvault software when auto-scaling access nodes—are encrypted using the KMS key that is set for the AWS account. The AWS account must have a KMS key.

Procedure

1. On the Configuration tab, in the Access node section, click the Actions button, and then select Create access node.

   The Create access node dialog box appears.

2. For Select operating system, select the operating system of the access node.

3. In VM name, enter a name for the VM.

4. From the Provisioning hypervisor list, select the hypervisor that will host the access node.

5. From the Region list, select the AWS Region that will host the access node.

   Note

   If you select a Region that is configured in the VM provisioning settings, then VPC, Subnet list, Security group, and Key pair settings are not available for selection.

6. From the Availability zone list, select the AWS Availability Zone to create access nodes in.

7. From the VPC list, select a VPC.

8. From the Subnet list, select a subnet.

9. From the Security group list, select a security group.

   After running a backup job, if you try to change the security group for the access nodes that will be launched in a new security group, the original security group is used anyway. To avoid that problem, remove the access nodes from the server group, and then select a new security group. The software creates new access nodes using the security group that you selected.

10. If you intend to use the access node to host deduplication databases, do the following:

    1. Move the Enable key pair toggle key to the right.

    2. In the confirmation dialog box that appears, click Yes.

    3. From the Key pair list, select the key pair to use for logging on to the access node.

11. To specify tags for the provisioned access node, do the following:

    1. In the Tags section, click Add.

       The Add tag dialog box appears.

    2. In the Key box, enter the key value of the tag.

    3. In the Value, enter the value of the tag.

    4. Click Save.

12. Click Save.

Results

The new access node appears in the Access node section on the Configuration tab for the provisioning hypervisor.

Register an Access Node for the Hypervisor ("Configure Access Node" Option)

You can register an access node that is already deployed in your environment.

1. On the Configuration tab, in the Access node section, click the Actions button, and then select Configure access node.

   The Add access node dialog box appears.

2. For Host mame, enter the IP address or the fully qualified host name of the machine.

3. For Name, enter a descriptive name for the access node.

   Instructions to download and install the necessary Commvault packages appear.

4. Click OK.

Related Pages

• System Requirements for Protecting Amazon EC2 Instances

• Auto-Scaling for Amazon EC2 Access Nodes

View Virtual Machines

The Virtual Machines tab shows the instances that are associated with this hypervisor.

View VM Groups

The VM groups tab shows the VM groups that are associated with this hypervisor.

To create a new VM group, see Creating a VM Group for Amazon EC2.

To modify the settings for an existing VM group, see Modifying Settings for an Amazon EC2 VM Group.