You can restore a single full Amazon EC2 instances to a different AWS Region and/or AWS account (out of place).
Prerequisites
-
The AWS IAM identity (user, role) that you use for the restore must have the amazon_restricted_role_permissions.json role applied, with permissions to perform restores.
For more information, see the following pages:
-
If a passkey is configured for restores, you must have the passkey.
Start the Restore Wizard
-
From the Command Center navigation pane, go to Protect > Virtualization.
The Overview page appears.
-
On the VM groups tab, in the row for the VM group that contains the EC2 instances that you want to restore, click the action button , and then click Restore.
The Select restore type page appears.
-
Click Full instance.
The Full instance page appears.
-
Select the EC2 instance to restore.
-
To select a specific source copy and/or MediaAgent for the restore, in the upper-right area of the page, click Change source.
By default, the Commvault software automatically selects the MediaAgent and source copy as follows:
-
MediaAgent: The software uses the MediaAgent that performed the backup.
-
Source copy: By default, the software searches for the requested data in the primary copy. If the data is not found in the primary copy, the software selects a secondary or auxiliary copy.
Potential for egress charges
Restoring from a copy that is outside the destination Region incurs egress charges. For more information, see Data Transfer on the Amazon EC2 On-Demand Pricing page in the AWS documentation.
For more information, see MediaAgent and Copy Precedence Considerations for Virtualization Restores.
-
-
Click Restore.
The restore wizard appears.
Specify the Restore Destination
-
For Type, select Out of place.
-
For Restore as, leave Amazon Web Services selected.
-
From the Destination list, select the AWS account to restore the EC2 instances to.
-
For Access node, leave Automatic (the default value) selected, or select an access node or an access node group.
-
For the best results, use the Automatic option because it does the following:
-
Selects the most appropriate access nodes.
Potential for egress charges
The software assigns the EC2 instances to access nodes as follows:
1. To access nodes in the same AZ.
2. If no access nodes in the same AZ are available, to access nodes in same Region.
3. If no access nodes in the same Region are available, to any available access node (which incurs egress charges).
-
Provides resiliency against access node failure (that is, if an access node fails during a restore, the software restarts the restore on other, available access nodes).
-
-
If you select a specific access node or access node group, consider the following:
-
If you select an access node that is outside of AWS, the software uploads volume information to Amazon S3 and uses the volumes to create the EC2 instance.
-
If you select an access node group, the software distributes the workload across the access nodes that are available in the access node group.
-
Potential for egress charges
When you restore an EC2 instance from an Amazon S3 library in one AWS Region to another Region, consider Amazon Virtual Private Cloud (VPC) egress costs. For more information, see Data Transfer on the Amazon EC2 On-Demand Pricing page in the AWS documentation.
-
-
Click Next.
The Virtual Machines page appears.
By default, an out-of-place restore requires you to select a destination network. This requirement is indicated by a red alert on the Virtual Machines page.
Configure Restore Options for the EC2 Instance and the EBS Volumes
-
To configure the restore options for the EC2 instance, select the instance, and then click Configure restore options.
The Configure restore options dialog box appears.
-
In VM display name, enter a name for the restored instance.
The software sets the AWS Resource Tag 'Name' to the value that you enter in VM display name. For information about which characters are supported for AWS Resource tags, see Tagging your AWS resources in the AWS documentation.
-
For Availability zone, select the AZ to restore the EC2 instance to.
-
For Instance type, select the EC2 instance type for the restored instance.
The Automatic option attempts to restore the instances as the same EC2 instance type as the source.
-
For Key pair, enter the Amazon EC2 key pair to access the restored EC2 instance.
-
For Network settings, specify whether to use the source network configuration or a different configuration:
-
To re-create the source network (VPC, Subnets, Security Groups, elastic network interfaces, ENIs) as part of the restore, move the Restore source network configuration toggle key to the right.
-
To restore to an existing VPC in the destination AWS account, do the following:
-
If you are installing to a new AWS account or AWS Region and you want the software to create your VPC and related resources as part of the restore of the EC2 instance, move the Restore source network configuration toggle key to the left.
-
For Network, to select an VPC network, subnet, and ENI, do the following:
-
Click the browse button.
The Select network settings dialog box appears.
-
Select an existing ENI or create a new ENI.
When you create a new ENI, you can specify an IP address.
-
Click Save.
-
-
To specify a custom IPv4 primary IP address for Network Interface 1 (Primary Interface) for the restored EC2 instances, in Private IP address, enter the IPv4 address.
Note
If you enter an IP address that is not within the available range or that is already in use, the restore fails.
-
For Security groups, do one of the following:
-
To have the software attempt to assign the same security group from the source EC2 instance to the restored EC2 instance, select Auto-assign.
-
To select a security group from the AWS account that you're restoring the intances to, select Custom, and then select the security group.
-
-
-
-
For Volume options, modify the settings for EBS volumes as follows:
-
You can select one or more volumes to modify.
If you select multiple volumes, and the volumes have different values for either Volume type or KMS key, then Leave value unchanged is displayed for that setting. Consider the following points:
-
Leave value unchanged indicates that the restored volumes will be restored with the same value as the source volumes.
-
You can select a different value, and the value that you select applies to all the volumes that you are modifying.
-
-
For backups from Commvault Platform Release 2024 (11.34) and previous releases, in Volume type and KMS key, Original is displayed. Original indicates the type of the source volume.
-
For Volume type, the options are limited to only those that are supported for the volume size.
Volume types that are not supported for the volume size are visible, but not available to select.
To view the minimum and maximum volume sizes for a volume type that is not available, hover over that volume type.
-
If IOPS applies, given the volume type, then you can modify the value.
After you click Save, the software validates the value you enter. If the value is not in the supported range for the EBS volume type, the software displays the minimum and maximum values.
-
If Throughput applies, given the volume type, then you can modify the value.
After you click Save, the software validates the value you enter. If the value is not in the supported range for the EBS volume type, the software displays the minimum, maximum, and baseline values.
Note
Some Amazon EBS volumes require a specific IOPS and throughput ratio. Verify both that your IOPS and throughput values are within the supported ranges for those values and that the ratio between your values is supported.
-
For KMS key, select an encryption key or option:
Important
-
Commvault recommends that you enable default encryption of EBS volumes in each AWS account that creates EBS volumes. For information, see Enable encryption by default in the AWS documentation.
-
The followng key types are supported:
-
AWS managed keys
-
AWS owned keys
-
Customer managed keys, including multi-region keys
-
-
Auto: This option is available for restores to a different AWS Region.
The Auto option looks up the default KMS key for EBS encryption using the ec2:GetEbsEncryptionByDefault action (if permitted by the identity that is performing the restore).
-
No encryption: This option is not recommended. The AWS Well-Architected Framework (SEC08-BP02) recommends enforcing encryption at rest for sensitive data.
-
-
-
For Tags, you can add, modify, and delete AWS resource tags.
If the source EC2 instance has tags, then those tags are displayed (excluding the Name tag and the AWS reserved tags).
Important
-
For backups that were created with Commvault Platform Release 2022E (11.28) and previous releases, if you add new tags, any existing tags on the EBS volume are removed.
-
If you delete tags, your restored EC2 instances might not be managed in accordance with your organization's policies.
-
-
Click Next.
The Restore Options page appears.
Specify Settings for the Restore Operation
-
Specify the following settings:
-
Power on VMs after restore: Select this setting to have the software start the EC2 instances after they are restored.
The power state of the EC2 instance does not affect subsequent backups. If the EC2 instance is powered on during backups, by default, the EC2 instance is powered on again after the restore completes (unless you clear this check box).
-
Unconditionally overwrite if it already exists: If an EC2 instance that you are restoring and an EC2 instance in the destination AWS account have the same instance ID, select this setting have the software delete the instance in the destination AWS account and replace it with the EC2 instance that you are restoring.
Note
If an EC2 instance that you are restoring and an EC2 instance in the destination AWS account have the same instance ID, and you do not select Unconditionally overwrite if it already exists, the restore fails.
-
Reuse existing VM client: If an EC2 instance that you are restoring and an EC2 instance in the destination AWS account have the same instance ID, select this setting have the software reuse the EC2 instance in the destination AWS account and map its information (such as client name, host name, and client ID) to the source EC2 instance.
-
Notify user on job completion: Select this setting have the software send an email notification that the restore is complete.
For the software to send an email notification, you must configure an email server.
-
Under Additional options, for Transport mode, you can specify the transport mode to use for the restore.
The default value of Automatic uses the best transport mode for your environment.
For more information, see Transport Modes for Backups, Restores, Replications, and Conversions to Amazon EC2.
-
-
Click Next.
The Summary page appears.
Review the Summary and Start the Restore
-
Review the summary to verify the settings.
-
Click Submit to start the restore.
Related Pages
-
Restrictions and Known Limitations for Protecting Amazon EC2 with Commvault
-
AWS managed keys in the AWS documentation
-
AWS owned keys in the AWS documentation
-
Customer managed keys in the AWS documentation
-
Multi-Region keys in AWS KMS in the AWS documentation
-
Tagging your AWS resources in the AWS documentation