Specifying VM Provisioning Settings for Amazon EC2 Access Nodes

Applies to: MSP admin, tenant admin

You can specify the settings that are used when access nodes for an Amazon EC2 hypervisor are created—either manually by end users or by the Commvault software when auto-scaling access nodes.


  1. From the navigation pane, go to Protect > Virtualization.

  2. Click the Hypervisors tab.

    A list of Hypervisors appears.

  3. Click the hypervisor that you want to configure with VM provisioning settings.

    A page with details about the selected hypervisor appears.

  4. On the Configuration tab, in the Access node section, click VM provisioning settings.

    The VM provisioning settings dialog box appears.

  5. To specify that the VM provisioning settings for this hypervisor are the preferred or "default" settings, move the toggle key Set as system default settings to the right.

    If you enable this setting, when users select a hypervisor, they see a visual indication that these settings are the preferred or default settings.

  6. From the Server group list, select the server group to use for the access nodes.

  7. From the IAM Role list, select the IAM role that has both the AmazonSSMManagedInstanceCore managed policy and the amazon_restricted_role_permissions.json file attached.

    You can find the policy in the AWS console at arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore.

  8. Specify the security group to use for the hypervisor:

    • To use the default security group, move the Deploy access nodes into default VPC toggle key to the right.

      If you select this option, the Commvault software assigns the default security group that is defined within your Amazon Virtual Private Cloud (VPC), instead of a specific security group for your Amazon EC2 instance. For more information, see Default security group for your VPC in the AWS documentation.

    • To specify a different security group, do the following:

      1. Click Add.

        The Add region dialog box appears.

      2. From the Availability zone list, select the availability zone that you want to use to create access nodes.

      3. From the VPC list, select a VPC.

      4. From the Security groups list, select a security group.

        After running a backup job, if you try to change the security group for the access nodes that will be launched in a new security group, the original security group is used anyway. To avoid that problem, remove the access nodes from the server group, and then select a new security group. The software creates new access nodes using the security group that you selected.

      5. From the Subnet list, select a subnet.

      6. From the Key Pair list select a key pair.

        This key pair is used for logging on to the access node.

      7. Click Save.

  9. Under Auto scale, do the following:

    1. In Maximum number of access nodes, enter the maximum number of access nodes that can be created in each region to back up the VMs in the region.

      The default value is 10. The maximum number is 100.

    2. For Default operating system, select the OS for the access nodes.

  10. Click Advanced Settings, and do the following:

    By default, an ARM64 image is selected with a c6.large (default) instance type. If an ARM64 image is not available in the region, then an X86 image with a C5.large instance is selected.

    1. To specify the type of instance that is used to create the Amazon EC2 access nodes, from the Instance type list, select an instance type.

      After running a backup job, if you try to change the instance type for the access nodes that will be launched in a new instance, the original instance type is used anyway. To avoid that problem, remove the access nodes from the server.

    2. From the Network security group list, select a security group.

      Only the following AWS instance types are supported:

      • ARM64: c6.large (default), c7g.large, c7g.xlarge, c7g.2xlarge, c6g.large, c6g.xlarge, c6g.2xlarge, r6g.large, r6g.xlarge, r6g.2xlarge, r6g.4xlarge

      • X86: c5.large (default), c5.xlarge, c5.2xlarge, m5a.2xlarge, r5a.large, r5a.xlarge

    3. To create a public IP address that can be used to access the access nodes, move the Create public IP toggle key to the right.

    4. To specify a network gateway for the access nodes to communicate with the CommServe server, in Network gateway, enter the gateway in the hostname:port format.

    5. To associate users and/or user groups with the VM provisioning settings, from the Security list, select the users and/or user groups.

    6. For User Approval, select a user to send an email for the user's approval.

      Once the user approves, then the create access node job launches.

    7. For Provisioning workflow, the workflows assigned/created by user with prefix underscore (_) are shown.

      Once the access node is created, the workflow is executed on it.

    8. Click Save.

  11. Click Save.