There are limitations and known issues for protecting Amazon EC2 instances, Amazon EBS volumes, Amazon VPC resources, and Amazon EBS io2 block express volumes with Commvault. Workarounds, if available, are included.
Amazon EC2
- Amazon EC2 Spot Instances can be protected, but they can be restored only as non-Spot (that is, on-demand) instances.
- Amazon Machine Images (AMIs) that are used to provision Amazon EC2 instances (public, private) are not protected.
- Static IP addresses on protected EC2 instances are not restored. The Commvault software converts static IP addresses to DHCP as follows:
  - For restores using the Import method, static IPs are converted to DHCP.
  - For restores of Windows instances using the Commvault HotAdd transport mode or the Amazon EBS Direct transport mode, static IP addresses are converted to DHCP, unless the DHCP service is disabled.
  - For restores of Linux instances using the Commvault HotAdd transport mode, static IP addresses are converted to DHCP during the driver injection process.
  - For restores of Linux instances using the EBS Direct method, static IP addresses are not automatically converted to DHCP. You must manually enable DHCP, either on the source instance before the restore or on the restored instance after the restore.
- Private primary IP addresses (IPv4) are collected during Amazon EC2 instance backups, but are re-created during full instance restores.
- Custom primary private IP addresses (IPv6) are not restored.
- Custom CPU configurations on protected EC2 instances are not restored.
- Full instance out-of-place restores of Amazon EC2 instances that were deployed from the AWS Marketplace do not restore AMI product codes.
- User data is not protected or restored as part of EC2 instance protection.
- For EC2 instances that have multiple network interface controllers (NICs), all the NICs are backed up. However, when the instance is restored, only one NIC is restored.
- Because of an AWS limitation, when you perform a restore that reuses an existing Elastic Network Interface (ENI), the Commvault software cannot assign a new, custom IP address. Instead, the software reuses the selected ENI.
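An added example (not Commvault code): a pre-backup audit that reads one instance record in the shape returned by `aws ec2 describe-instances` and reports which of the EC2 limitations above apply, so the affected settings can be recorded separately before a restore is needed. The sample record, the `restore_drift` function and its finding codes are constructed for illustration; user data is passed in as a flag because `describe-instances` does not return it.

```python
import json

# Constructed sample shaped like one entry of Reservations[].Instances[]
# from `aws ec2 describe-instances`; all IDs and values are made up.
SAMPLE = json.loads("""
{
  "InstanceId": "i-0example0000000001",
  "InstanceLifecycle": "spot",
  "ProductCodes": [
    {"ProductCodeId": "examplecode", "ProductCodeType": "marketplace"}
  ],
  "NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0exampleaaaa",
     "Ipv6Addresses": [{"Ipv6Address": "2001:db8::10"}]},
    {"NetworkInterfaceId": "eni-0examplebbbb", "Ipv6Addresses": []}
  ]
}
""")


def restore_drift(instance, has_user_data=False):
    """Return (code, message) findings for settings the limitations list says are lost.

    has_user_data is supplied by the caller (assumption: checked separately,
    for example with `aws ec2 describe-instance-attribute --attribute userData`).
    """
    findings = []
    if instance.get("InstanceLifecycle") == "spot":
        findings.append(("SPOT", "will be restored as an on-demand instance"))
    codes = instance.get("ProductCodes", [])
    if any(p.get("ProductCodeType") == "marketplace" for p in codes):
        findings.append(("MARKETPLACE", "AMI product codes lost on out-of-place restore"))
    nics = instance.get("NetworkInterfaces", [])
    if len(nics) > 1:
        findings.append(("MULTI_NIC", f"{len(nics)} NICs backed up, only one restored"))
    if any(n.get("Ipv6Addresses") for n in nics):
        # Heuristic: any IPv6 address is flagged for review, custom or not.
        findings.append(("IPV6", "custom primary private IPv6 addresses are not restored"))
    if has_user_data:
        findings.append(("USER_DATA", "user data is not protected or restored"))
    return findings


if __name__ == "__main__":
    for code, msg in restore_drift(SAMPLE, has_user_data=True):
        print(f"{SAMPLE['InstanceId']}: {code}: {msg}")
```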
Amazon EBS
- Customization of EBS volume settings is supported for full EC2 instance restores, but not for the following:
  - Volume attach restores
  - Autonomous recovery (for example, periodic replication)
  - Restore operations performed by VM End User roles
- Amazon EBS instance store volumes are not protected or restored as part of EC2 instance protection.
Note
To perform file system level backup and recovery of EC2 instance store data, you can install Commvault file system agents inside the EC2 instance.
Commvault Limitations Using io2 Volumes
- If the source EBS volume is greater than 16 TB and the access node is of a non-Nitro instance type, then the Commvault HotAdd transport mode is not feasible because volumes greater than 16 TB cannot be attached to non-Nitro instances.
- If the source EBS volume is greater than 16 TB, the EBS volumes are unencrypted, and encryption by default is enabled on the account or region, then Live Browse from snap copy using the Commvault HotAdd transport mode is not feasible because Commvault cannot create an encrypted snap copy for Live Browse at this time. Use the Amazon EBS Direct transport mode instead.
- If the source EBS volume is greater than 16 TB, the EBS volumes are unencrypted, and encryption by default is enabled on the account or region, then backup copy using the Commvault HotAdd transport mode is not feasible because Commvault cannot create the encrypted snapshot copy required by the Commvault HotAdd transport mode. Use the Amazon EBS Direct transport mode instead.
Amazon VPC
Commvault protects and gathers the underlying AWS resources and configuration metadata for the following resources, but, if they are missing, Commvault does not re-create them during an Amazon EC2 full instance restore. Resources are listed as they appear in the Amazon VPC management console.
Resources That Are Recoverable, with Limitations
To recover flow logs with an out-of-place, cross-account restore, you must disable the Restore source network configuration setting.
Note
Resources are listed in the order they appear in the Amazon VPC management console.
Unrecoverable Resources
- Subnet CIDR reservations (IPv4, IPv6)
- Route tables (Main, Custom)
- Egress-only internet gateways
- Managed prefix lists
- Endpoints (Interface, Gateway)
- Endpoint services
- NAT gateways (Public, Private)
- Transit gateways
  - Transit gateway policy tables
  - Transit gateway route tables
  - Transit gateway multicast
- Virtual private networks: Customer gateways (site-to-site VPN connections), virtual private gateways (VPN gateways)
- Network access control lists (Network ACLs)
- AWS Verified Access
  - Verified Access instances
  - Verified Access trust providers
  - Verified Access groups
  - Verified Access endpoints
- DNS firewall
  - Route 53 Resolver DNS firewalls (Rule groups, Domain lists)
- Network firewalls
  - Network firewalls (firewalls, firewall policies, Network Firewall rule groups, TLS inspection configurations, Network Firewall resource groups)
- Virtual private network
  - Site-to-Site VPN Connections (AWS Site-to-Site VPN, AWS Client VPN, AWS VPN CloudHub, third-party software VPN appliances)
  - AWS Client VPN endpoints
- VPC Lattice
  - Service networks
  - Services
  - Target groups
- Traffic Mirroring
  - Mirror sessions
  - Mirror targets
  - Mirror filters
- Cloud WAN resources
  - Network Manager
  - IP Address Manager (IPAM) pools
  - Network Access Analyzer
  - Reachability Analyzer
- AWS Direct Connect
  - Routers
- Security
  - Default VPCs are restored as non-default VPCs.
  - Default VPC security group is restored only when the source VM has the corresponding default security group associated.
Unprotected Resources
- Transit gateways
  - Transit gateway policy tables
  - Transit gateway route tables
  - Transit gateway multicast