Specifying VM Provisioning Settings for Amazon EC2 Access Nodes

Applies to: MSP admin, tenant admin

VM provisioning settings are used to provision access nodes that are created—either manually by end users or automatically by the Commvault software when it auto-scales access nodes.

If you already specified VM provisioning settings for an Amazon EC2 hypervisor (which represents an AWS account), you can apply those settings to another Amazon EC2 hypervisor. Or you can create new VM provisioning settings for an Amazon EC2 hypervisor.

Amazon EBS volumes that are created using the provisioning settings are encrypted using the KMS key that is set for the AWS account. The AWS account must have a KMS key.

Apply Existing VM Provisioning Settings to an Amazon EC2 Hypervisor

If you already specified VM provisioning settings for an Amazon EC2 hypervisor (which represents an AWS account), you can apply those settings to the current hypervisor.

1. From the Command Center navigation pane, go to Protect > Virtualization.

   The Overview page appears.

2. On the Hypervisors tab, click the AWS account that you want to configure with VM provisioning settings.

   The hypervisor page appears.

3. On the Configuration tab, in the Access node section, click VM provisioning settings.

   The VM provisioning settings dialog box appears.

4. Move the Associate existing VM provisioning settings toggle key to the right.

5. From the Destination hypervisor list, select the AWS account.

Create New VM Provisioning Settings for an Amazon EC2 Hypervisor

You can create new provisioning settings for this Amazon EC2 hypervisor (which represents an AWS account).

Go to the Provisioning Settings Wizard

1. From the Command Center navigation pane, go to Protect > Virtualization.

   The Overview page appears.

2. On the Hypervisors tab, click the AWS account that you want to specify new VM provisioning settings for.

   The hypervisor page appears.

3. On the Configuration tab, in the Access node section, click VM provisioning settings.

   The VM provisioning settings dialog box appears.

4. Move the Associate existing VM provisioning settings toggle key to the left.

5. Click Confirm.

   The Server Group and IAM page of the Provisioning settings wizard appears.

Server Group and IAM Page

1. From the Server groups list, select the server group to use for the access nodes.

2. From the IAM role list, select an IAM role that has both the AmazonSSMManagedInstanceCore managed policy and the amazon_restricted_role_permissions.json file attached.

   You can find the policy in the AWS console at arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore.

3. To use the VM provisioning settings for the current hypervisor as the default settings for all Amazon EC2 hypervisors, move the Set as system default settings toggle key to the right.

   If you enable this setting, when users select an Amazon EC2 hypervisor, they see a visual indication that these settings are the default settings.

4. To disable creating a public IP address on provisioned access nodes, move the Create public IP address toggle key to the left.

   Note

   To communicate with the Commserve computer, the default ports 8400 and 8403 must be open on the access node machines in the network security group rules.

5. Click Next.

   The Availability zone page of the Provisioning settings wizard appears.

Availability Zone Page

Specify an AWS Availability Zone for the access nodes.

• To use the default security group in the Amazon Virtual Private Cloud (VPC), move the Deploy access nodes into default VPC toggle key to the right.

  If you select this option, the Commvault software assigns the default security group that is defined within your VPC, instead of a specific security group for your Amazon EC2 instance. For more information, see Default security group for your VPC in the AWS documentation.

• To specify a different security group, do the following:

  1. Move the Deploy access nodes into default VPC toggle key to the left.

  2. Click Add.

     The Edit region dialog box appears.

  3. From the Availability zone list, select the AWS Availability Zone to create access nodes in.

  4. From the VPC list, select a VPC.

  5. From the Subnet list, select a subnet.

  6. From the Security group list, select a security group.

     Important

     After running a backup, if you try to change the security group for the access nodes that will be launched in a new security group, the original security group is used anyway. To avoid that problem, remove the access nodes from the server group, and then select a new security group. The software creates new access nodes using the security group that you selected.

  7. If you intend to use the access nodes to host deduplication databases, move the Enable key pair toggle key to the right.

  8. In the confirmation dialog box that appears, click Yes.

  9. From the Key pair list, select the key pair to use for logging on to the access node.

  10. Click Save.

  11. Click Next.

  The Access Nodes page of the Provisioning settings wizard appears.

Access Nodes Page

1. Specify how you want the instance type of the access nodes to be determined:

   • To have the Commvault software select the instance type, leave the Auto select instance type toggle key enabled.

     An AWS Graviton (Arm-based, 64-bit) image with the C7g.large instance type is used to create the access nodes. If an AWS Graviton (Arm-based, 64-bit) image is not available in the AWS Region, then an x86 image with a C7i.large instance is used.

   • To specify the instance type in these provisioning settings, do the following:

     1. Move the Auto select instance type toggle key to the left.

     2. From the Instance type list, select an instance type.

        The following AWS instance types are supported:

        • AWS Graviton (Arm-based, 64-bit): C7g.large (default), c6g.large, c6g.xlarge, c6g.2xlarge, r6g.large, r6g.xlarge, r6g.2xlarge, r6g.4xlarge

        • x86: C7i.large (default), c5.large, c5.xlarge, c5.2xlarge, m5a.2xlarge, r5a.large, r5a.xlarge

   • To allow the user to select the instance type when starting a provisioning job, move the Choose instance type while launching job toggle key to the right.

   Important

   After running a backup, if you try to change the instance type for the access nodes that will be launched in a new instance, the original instance type is used anyway. To avoid that problem, remove the access nodes from the server.

2. For Maximum number of access nodes, enter the maximum number of access nodes that can be created in each Region to back up the Amazon EC2 instances in the Region.

   The default value is 10, and the maximum number is 100.

3. For Select operating system, select the OS for the access nodes.

4. Click Next.

   The Advanced Settings page of the Provisioning settings wizard appears.

Advanced Settings Page

1. To specify a network gateway for the access nodes to communicate with the CommServe server, in the Network gateway box, enter the gateway in the hostname:port format.

2. To associate users and/or user groups with the VM provisioning settings, from the Security list, select the users and/or user groups.

3. To require approval for the creation of the access nodes, in the User approval box, enter the names of the users or user groups who you want to give approval capability.

   The users will receive an email notification to approve the creation of the access nodes. When the user approves, the job to create the access nodes starts.

4. To specify a workflow that will execute when access nodes are created or before or after provisioned access nodes are modified, do the following:

   1. Click Add

      The Add workflow dialog box appears.

   2. From the Workflow type list, select when you want the workflow to execute:

      • Provisioning: The workflow executes when access nodes are created.

      • Pre edit-VM: The workflow executes before access nodes are modified.

      • Post edit-VM: The workflow executes after access nodes are modifed.

   3. From the Workflow list, select the workflow to execute.

      Only workflows with the suffix "_provisioning" appear in this list.

   4. Click Save.

5. To specify a tag for the provisioned access node, do the following:

   1. In the Tags section, click Add.

   The Add tag dialog box appears.

   1. Specify the Workload type to add the tag for:

      • General: Adds the tag to all access nodes.

      • Virtualization: Adds the tag to access nodes for Virtualization workloads.

      • Office 365: Adds the tag to access nodes for Office 365 workloads.

      • Media agent: Adds the tag to MediaAgent access nodes.

   2. In the Key box, enter the key value of the tag.

   3. In the Value, enter the value of the tag.

   4. Click Save.

6. Click Next.

   The Summary page of the Provisioning settings wizard appears.

Summary Page

1. Review the summary.

2. Click Submit.

Related Pages

For instructions to manually create an Amazon EC2 access node using VM provisioning settings, see the "Deploy an Access Node for the Hypervisor Using VM Provisioning Settings ("Create Access Node" Option)" section on the Modifying Settings for an Amazon EC2 Hypervisor page.