VMware Cloud on AWS

You can deploy Commvault to protect workloads running in VMware Cloud on AWS. The vCenter and hosts reside on high-performance servers in the AWS datacenter.

  • The CommServe system (CS) is the machine running Commvault software.

  • The Virtual Server Agent (VSA) manages backups and restores for virtual machines.

  • The MediaAgent (MA) handles data movement.


VMware Cloud on AWS operates in the same way as an on-premises deployment of VMware, except that AWS does not provide access to hosts.

  • vSAN is used as a shared datastore

  • SDDC (Software-Defined Data Center) versions supported: 1.3, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12, 1.13, 1.14, 1.15, 1.16, 1.18, 1.19, and 1.20

For best results, use an S3 VPC endpoint to communicate with S3 resources.

Commvault Deployment and Configuration

For best results, deploy Commvault components on guest VMs on VMware Cloud. The CommServe software, VSA proxies, and MediaAgents can be installed on a single standalone VM, or on separate VMs.

  • Create a virtualization client, entering the fully qualified domain name (FQDN) for the vCenter host name, and then configure the vCenter username using any of the following methods:

    • Use cloudadmin@vmc.local as the vCenter username.

    • Use the Active Directory (AD) user or group that is assigned to the CloudAdmin role.

  • Deploy Virtual Server Agent (VSA) proxies on virtual machines running on VMware Cloud on AWS or AWS EC2 instances.

  • Add virtual machines to a subclient that is used as a target for backups.

  • Configure backups to use S3 libraries for storage.

  • For IntelliSnap backups, configure the VSA subclient to use Virtual Server Agent Snap as the snap engine. For more information, see IntelliSnap Protection for VMs on VVol or VSAN Datastores.

  • To perform agentless file recovery operations, enable communication between the VMware Cloud Compute Gateway (CGW) and the VMware Management Gateway (MGW). This is not a default configuration for VMware Cloud on AWS. From the VMware Cloud on AWS portal for SDDC 1.6 or 1.7, perform the following operations on the Networking & Security tab:

    • For Inventory>Groups, define a Management Group that includes the IP addresses for the compute network where VSA proxies reside.

    • For Security>Gateway Firewall, add a firewall rule for the Management Gateway that allows outbound traffic from the management group you defined to ESXi hosts using TCP port 443.


Commvault Version 11 supports the following features with VMware Cloud on AWS:

  • Backups and restores using vStorage APIs for Data Protection (VADP)

  • Changed block tracking (CBT)

  • Full, incremental, and synthetic full backups

  • Restores of full VMs, VMDKs (alone or attaching to a VM), and guest files and folders

  • Hotadd transport mode

  • NBD transport mode (SDDC Version 1.8 or a more recent version)

  • Application-aware backups

  • VM conversion from VMware to Amazon

  • Live Sync replication and Live Sync Direct for snapshot-based replication


  • Because there is no access to hosts, the following Commvault features are not supported for VMware Cloud on AWS:

    • Live VM recovery using vMotion

    • Live mount

  • When you restore a VM to a different ESXi host or cluster, you must specify the resource pool and VM folder path for the restored VM.