> Software > Protect > Identity > Active Directory > Forest recovery for Active Directory > Configure forest recovery > Step 6: Create a recovery target

Create an AWS recovery target for Active Directory forest recovery

Create an AWS recovery target for Active Directory forest recovery to recover domain controllers to an AWS account.

Start the Add Amazon Target wizard

  1. From the Command Center navigation pane, go to Protect > Active Directory.

    The Overview page appears.

  2. Click the Forests tab, and then click the forest.

    The forest page appears.

  3. Click the Runbook tab, and then click the runbook.

    The runbook page appears.

  4. Click the Runbook settings tab, and then click View recovery targets.

    The Recovery targets dialog box appears.

  5. Click Add recovery target.

    The Select target dialog box appears.

  6. Select Amazon Web Services.

  7. Click Select Target.

    The Add Amazon Target wizard appears.

Configure the General settings

  1. Enter a name for the recovery target.

  2. To register a new AWS account, beside Destination, click Add.

    The Add hypervisor dialog box appears.

  3. Download the Active Directory Forest access node package.

  4. Install the access node package on the server to use as the access node.

    Important access node requirements

    • Deploy the access node as a VM in the AWS EC2 region that the domain controllers will be restored to.

    • When you install the access node package, select a drive with 10 GB or more of free disk space.

    • For adequate restore performance, configure the access node with 16 GB or more of memory.

  5. Wait for the installation to complete successfully.

  6. In the Add hypervisor dialog box, refresh the Access nodes list, and then select the host that you installed the access node package on.

  7. Enter a name for the hypervisor.

  8. Under Advanced options, select AWS STS AssumeRole.

  9. For Credential, select existing credentials or add new credentials.

    Steps to add new credentials

    AWS STS AssumeRole is the recommended credential method. Follow the steps to create the CommvaultAdminRole in your AWS account.

    1. From the Command Center navigation pane, go to Protect > Virtual machines.

      The Overview page appears.

    2. Click Add hypervisor.

      The Configure hypervisor page appears.

    3. Select Amazon Web Services, and then click Next.

      The Configure Amazon Web Services Account wizard appears.

    4. Select the Use your access nodes for backups option.

    5. For Authentication method, select AWS STS AssumeRole (recommended).

    6. Under Launch CloudFormation Template, click Copy Link.

    7. Paste the link into a new browser window.

      Some steps are completed in the AWS CloudFormation portal and might change. The Quick create stack page appears.

    8. Review the stack settings, select the I acknowledge that AWS CloudFormation might create IAM resources with custom names option, and then click Create stack.

    9. Go to the CommvaultAdminRole role that you created.

    10. From the Add permissions menu, select Attach policies.

    11. Select the AmazonS3FullAccess and AmazonSSMManagedInstanceCore policies, and then click Add permissions.

    12. Copy the full ARN value for the role.

      Example: arn:aws:iam:[tenant_id]:role/Commvault/CommvaultAdminRole

    13. Return to the Add hypervisor dialog box, and then do the following:

    14. For Account type, select Cloud Account.

    15. For Vendor type, select Amazon Web Services.

    16. Enter a name for the credential.

    17. Under ARN, paste the ARN value that you copied from the AWS portal.

    18. Click Save.

    Note

    The IAM role that you create in the AWS account must be assigned to the EC2 instance that the access node runs on.

  10. In the Add hypervisor dialog box, click Save.

  11. For Destination, select the AWS recovery target that you created.

  12. For Access node, select the server that you installed the access node package on.

  13. For Security, select the roles that need access to the AWS recovery target.

  14. Click Next.

Configure Destination options

  1. For Availability zone, select the availability zone that the access node belongs to.

  2. For Instance type, select an instance type with at least 16 GB of RAM.

    Example: t3.large

  3. For IAM role for Amazon EC2, select the IAM role that you created earlier.

  4. For Network, expand the virtual network, and then select New Network Interface.

  5. Click Next.

Configure Repave options

On this page, you can specify a clean image to use for restored domain controllers. If you do not specify an image, a Commvault-hosted image is used.

To specify your own Windows Server image, follow these steps:

  1. To add your VM template, click Add.

The Custom image page appears.

  1. For Operating system, select Windows.

  2. Select an image from the Amazon Machine Image (AMI) list.

  3. Click Save.

If you specify your own image, follow these steps to specify a software cache:

  1. For OS Type, select Windows.

  2. Under Software cache, select the server where the software cache is configured.

  3. Click Next.

Place the software cache on the access node that has connectivity to your recovered domain controllers.

Steps to configure a new software cache

  1. From the Command Center navigation pane, go to Explore > Companies.

  2. Click the Software caches tab, and then click Add to create a software cache and specify the server and details to host the cache.

  3. After creating the software cache, from the actions list, select Sync to ensure that the cache is up to date.

Configure Advanced options

  1. To specify a server group, enable the Enable association to a server group toggle key.

  2. For Associate destination server to this server group, select the server group to associate recovered domain controllers with.

×

Loading...