> Software > Secure > Auto Recovery > Virtual Machines > Planning > Hypervisor Configuration Requirements > Amazon Web Services > Configure replication for AWS

Configure a replication target for Amazon Web Services

A replication target is a reusable set of Amazon Web Services destination settings—such as the Region, access node selection, networking, and encryption—that Commvault uses to replicate VMs and instances for disaster recovery and cyber resilience.

Important

Changes that you make to a replication target apply only to new replication groups that use that target. Changes don’t apply to existing replication groups.

Start the configuration wizard

  1. From the Command Center navigation pane, go to Auto recovery > Targets.

  2. On the upper-right area of the page, click Add.

  3. Select Amazon Web Services, and then click Next.

Provide general information

  1. In Name, enter a descriptive name for the replication target.

  2. From the Destination list, select an Amazon EC2 destination hypervisor or create a new hypervisor.

  3. From the Access node list, select the access node or access node group to run replication and failover operations. To distribute workloads across available access nodes, select Automatic.

Considerations for access node selection

  • For AWS-to-AWS restores, if you assign access nodes at both the hypervisor level and the VM group level, both sets of access nodes are used.

  • If you assign access nodes at the hypervisor level and the VM group level for both the source and destination hypervisors, the access nodes assigned to the destination hypervisor are used.

  • To restore multiple instances or VMs at the same time, select Automatic to distribute the workload across the access nodes that are assigned to the destination hypervisor. This option is available for restores from both streaming and IntelliSnap backup copies.

  • If you select an access node group for the restore, Commvault distributes the workload across the available access nodes in that group.

  1. From the Security list, select the users or user groups who can access this replication target.

  2. Under VM display name, choose how to name destination VMs or instances:

  3. To keep the source name as is, select Use original name.

  4. To add a prefix, select Add a prefix to the VM name, and then enter the prefix.

  5. To add a suffix, select Add a suffix to the VM name, and then enter the suffix.

  6. Click Next.

Configure destination options

  1. From the Availability zone list, select the destination zone.

  2. From the Instance type list, select the instance type that provides the available CPU cores and memory for the destination instances. The Automatic option attempts to use the same instance type as the source.

  3. From the Key pair list, select a key pair. For Windows instances, if the administrator password has been set, use that password. You can't use a new key pair to retrieve the password.

  4. From the IAM role for Amazon EC2 list, select the IAM role for destination instances.

Configure network settings

  1. From the Network list, select the destination network interface settings.

  2. From the Security groups list, select the security groups to apply to destination instances. If you select an existing network, the security group will be automatically selected and not enabled.

  3. From the Volume type list, select a volume type that is optimized for transactional workloads or streaming workloads. The auto volume type used for restore to AWS is General Purpose SSD (gp2), and for restores from AWS-to-AWS, the volume type of the source instance is used.

  4. From the KMS key list, select the encryption key or encryption option to use.

    • Auto: Available for restores to a different AWS Region.

      If the identity that performs the restore has the ec2:GetEbsDefaultKmsKeyId permission, AWS identifies the default KMS key for EBS encryption with the Default EBS Key tag. The ec2:GetEbsDefaultKmsKeyId permission is included in amazon_restricted_role_permissions.json.

    • No encryption: Not recommended. The AWS Well-Architected Framework (SEC08-BP02) recommends enforcing encryption at rest for sensitive data.

    Important

    Commvault recommends enabling encryption by default in each AWS account that creates EBS volumes. The following key types are supported:

    • AWS managed keys

    • AWS owned keys

    • Customer managed keys, including multi-region keys

Configure additional options

  1. From the Tenancy list, select how the destination instances should run:

    • Shared - run a shared hardware instance

    • Dedicated - run a dedicated instance

    • Dedicated host - launch this instance on a dedicated host

  2. Click Next.

Test failover options

  1. From the Expiration time list, select Hours or Days, and then enter how long test failover instances can run before they expire.

  2. In Network, keep the default network or click Browse and select another network.

  3. From the Security groups list, select the security group or groups to apply to test failover instances.

  4. From the Instance type list, to use a specific instance type, clear Automatic, and then select the instance type to use for the test failover instance.

  5. Click Submit.

×

Loading...