Verify that the access nodes that you use for backups of content in AWS meet the requirements. Access nodes run backups and other operations.
Deploying a Cloud Access Node from AWS Marketplace
Commvault provides the following AWS Marketplace products to simplify the deployment of Cloud access nodes within AWS:
Supported AWS Regions
Commvault supports all AWS regions that are supported by the AWS SDK for .NET Version 3. For a list of those regions, see Amazon Regions.
AWS Identity and Access Management Requirements
The access node is responsible for performing backup and recovery of the following AWS services:
- Amazon Elastic Compute Cloud (Amazon EC2)
- Amazon Elastic Block Store (Amazon EBS)
The access node is also responsible for performing cross-hypervisor restores or VM conversion. For more information, see Amazon Web Services User Permissions for VM Conversion.
Cross-Account Protection
For streaming backups and backup copies, the access node may reside in the account being protected or a shared service account. For more information, see Use Service Account Resources.
Operating System Requirements
The access node is available as a pre-installed image in AWS Marketplace. Marketplace images are available running the following Linux/Unix distributions:
- 64-bit Arm – Amazon Linux 2
- 64-bit x86 – Red Hat Enterprise Linux (RHEL) 8.x
You can build and configure access nodes based on your organizational needs. The following operating systems are supported for self-built access nodes:
- 64-bit Arm (AWS Graviton)
  - Amazon Linux 2 (AWS Graviton instances)
  - Red Hat Enterprise Linux (RHEL) 8.x
  - CentOS 7.x
- 64-bit x86 (Intel/AMD EPYC™ instances)
  - Red Hat Enterprise Linux (RHEL) 7.x, 8.x
  - CentOS 7.x
  - Oracle Linux 8.x using RHEL-compatible kernel or UEK kernel
Commvault supports the Virtual Server Agent package on the following Microsoft Windows servers:
- Microsoft Windows Server 2022 (Standard, Datacenter) (64-bit only)
- Microsoft Windows Server 2019 (Standard, Datacenter) (64-bit only)
- Microsoft Windows Server 2016 (Standard, Datacenter) (64-bit only)
- Microsoft Windows Server 2012 R2 (Standard, Datacenter) (64-bit only) (Nano Server installation not supported)
Note
For optimal runtime costs, Commvault recommends that you use Linux-based access nodes.
Hardware Specifications
Note
For information about hardware requirements for the Virtual Server Agent, see Hardware Specifications for Virtual Server Agent.
Snapshot Only Mode
Processor | Requirements |
---|---|
64-bit Arm, Amazon EC2 C6g.large | |
64-bit (x86), Amazon EC2 C5a.xlarge/C5a.2xlarge | |
Snapshot and Streaming Mode
The following configurations include standard sizing based on the amount of data protected at the client. The acronym FETB refers to a front-end TB or a TB of protected data at the client, prior to deduplication or compression.
64-bit Arm
Available as AWS Marketplace Image. For more information, see Commvault Cloud Access Node ARM BYOL.
Size | Requirements |
---|---|
Extra small | |
Small | |
Medium | |
64-bit (x86)
Available as AWS Marketplace Image. For more information, see Commvault Cloud Access Node ARM BYOL.
Size | Requirements |
---|---|
Extra small | |
Small | |
Medium | |
Supported Restores
When you use a 64-bit (Arm) Amazon EC2 instance (AWS Graviton), you can restore only full instances, not individual files and folders.
If you need to restore individual files and folders, deploy a 64-bit (x86) instance.
Storage Requirements
Commvault requires the following minimum storage for self-built access nodes in AWS:
- 1 x 10 GB EBS gp3 volume for the operating system
- 1 x 25 GB EBS gp3 volume for the deduplication database (DDB)
- 1 x 80 GB EBS gp3 volume for the binaries, log files, Job Results folder, and index cache
If you perform backups with the Index files after backup option enabled, the location of the Job Results folder should have additional space to accommodate at least 2 percent of the total amount of data being backed up.
- The default location for Job Results is: software_installation_directory\iDataAgent\JobResults
- The default location for Job Results on AWS Marketplace deployed images is: /mnt/commvault_jobresults/commvault/iDataAgent/jobResults
Software Dependencies
- Access nodes must have the mono Linux package installed. Access nodes acting as a MediaAgent must have the lvm2 Linux package installed for DDB backups. See Disabling lvmetad for Linux VMs.
- Access nodes protecting Amazon Elastic File System (EFS) must have the nfs-utils Linux package installed to mount EFS exports.
- Access nodes protecting Amazon FSx for Windows shares must have the cifs-utils Linux package installed to mount FSx shares.
- Access nodes must contain the Commvault Virtual Server Agent (VSA) package, and optionally the Commvault CloudApps package and MediaAgent.
Supported Restores
- The Commvault CloudApps package is not currently supported on 64-bit Arm Instances.
- Protection of the following AWS services must be performed using a 64-bit (x86) access node at this time:
  - Amazon S3
  - Amazon RDS (including Amazon Aurora)
  - Amazon Redshift
  - Amazon DynamoDB
  - Amazon DocumentDB
Size | Requirements |
---|---|
Extra small | 5–10 FETB; c5a.xlarge (2 vCPU, 4 GB RAM) |
Small | 10–25 FETB; c5a.2xlarge (4 vCPU, 8 GB RAM) |
Medium | 25–50 FETB; c5.2xlarge (8 vCPU, 16 GB RAM) |
Access Node Placement
For optimal performance, deploy the access node in the same region as the workload and within AWS. The access node must reside in the same region as the workload being protected for optimal data transfer. Commvault recommends deploying access nodes within AWS for optimal backup and restore transfer throughput.
Other areas where access nodes can reside include:
- Amazon EBS direct API protection allows the access node to reside anywhere (in region, cross region, on-premises), if the EBS direct service endpoint is accessible. Optimal performance and cost are achieved when the access node is located within the same region and uses a VPC endpoint.
- Commvault HotAdd backup and recovery mode requires that the access node reside in the same region as the workload being protected.
- Access nodes can reside on-premises for both snapshot (IntelliSnap) and streaming backups. Access nodes can be shared to protect multiple accounts; see Using Resources from an Admin Account.
Network Requirements
- Commvault supports any Layer 3 network technology both within and between cloud and on-premises. The technology includes Amazon Direct Connect, AWS Site-to-Site VPN, and AWS Client VPN.
- Commvault supports AWS VPC, AWS Transit Gateway, and AWS PrivateLink to control and direct traffic between AWS and on-premises networks.
- The access node requires Layer 3 network connectivity to the AWS service endpoints as described in Requirements for Connectivity to AWS Service Endpoints.
  Note
  The service endpoints include global endpoints that do not support Amazon VPC endpoints. Commvault can tunnel command and control communication to endpoints using an HTTP proxy.
- Commvault recommends the use of Amazon VPC endpoints when data transfer will occur to or from the endpoint. Endpoints include Amazon EBS direct APIs backup and restores, and Amazon S3 backup, recovery and Cloud Libraries.
- The Virtual Server Agent requires Layer 3 network connectivity to the Commvault MediaAgent on port 8403. You can restrict communication to one-way communication using Commvault Network Topologies.
- If the MediaAgent and the access node are in different AWS accounts or in different Virtual Private Clouds (VPCs), you can configure Amazon VPC peering, as described in the AWS article VPC peering basics.
Firewall Requirements
In an environment with firewalls, the flow of communication must be permitted by configuring the Amazon EC2 security group on the CommServe, MediaAgent, and access node.
- The CommServe, MediaAgent, and access node must be able to communicate with each other on TCP: 8400, 8403. Communication may be limited to occur one-way or two-way.
- The Commvault CommServe must be able to contact the access node on TCP: 8400, 8403 to perform initial installation and client registration and ongoing backup and recovery.
- The Commvault access node must be able to contact the Commvault MediaAgent on TCP: 8400, 8403 or vice versa.
- The Commvault MediaAgent must be able to contact the CommServe and access node on TCP: 8400, 8403 or vice versa.
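The security group rules above can be checked from the JSON that `aws ec2 describe-security-groups` prints. The following Python is an added example, not Commvault code: it reports, per group, which of TCP 8400 and 8403 have no inbound rule and which are open to every address. The group IDs and CIDR block in the sample are constructed.

```python
import json

COMMVAULT_PORTS = (8400, 8403)      # TCP ports from the firewall requirements
ANYWHERE = {"0.0.0.0/0", "::/0"}    # sources that expose a port to every address

def rule_covers(rule, port):
    """True if one IpPermissions entry admits TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":               # "-1" means all protocols and all ports
        return True
    return proto == "tcp" and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def rule_sources(rule):
    """CIDR blocks and peer security groups a rule accepts traffic from."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            + [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])])

def audit_group(group, ports=COMMVAULT_PORTS):
    """Report required ports with no inbound rule and ports open to any address."""
    missing, world_open = [], []
    for port in ports:
        sources = {s for rule in group.get("IpPermissions", [])
                   if rule_covers(rule, port) for s in rule_sources(rule)}
        if not sources:
            missing.append(port)
        if sources & ANYWHERE:
            world_open.append(port)
    return {"group": group["GroupId"], "missing": missing, "world_open": world_open}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-accessnode-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8400, "ToPort": 8403,
     "UserIdGroupPairs": [{"GroupId": "sg-mediaagent-example"}]},
    {"IpProtocol": "tcp", "FromPort": 8403, "ToPort": 8403,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-commserve-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8400, "ToPort": 8400,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
]}
""")

def audit_all(doc=SAMPLE):
    return [audit_group(g) for g in doc["SecurityGroups"]]

if __name__ == "__main__":
    for finding in audit_all():
        print(finding)
```

Only inbound rules (`IpPermissions`) are examined. Because communication may be limited to one-way, a "missing" finding can be intentional on the side that only initiates connections.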
Hardware Requirements
When deploying in AWS, follow the hardware requirements for the Virtual Server Agent package. Commvault has two modes of operation for the access node:
- Snapshot-only mode: Backup and recovery consists solely of orchestrating AWS-native snapshots of Amazon EC2, Amazon RDS, Amazon Redshift, and Amazon DynamoDB instances.
- Snapshot and streaming mode: Backup and recovery consists of snapshot orchestration (per snapshot-only mode) and the additional creation of a streaming backup copy located on Commvault controlled storage.
All configurations assume that Commvault deduplication is in use to minimize storage and network egress costs.
Note
For best price-performance, Commvault recommends that you use AWS Graviton instances (64-bit Arm).
Nutanix Cloud Clusters (NC2) with Amazon EC2
Commvault supports data protection and management for Nutanix Cloud Clusters (NC2) on Amazon EC2.
Related Topics
- For information on IAM Roles and policies required for the access node to perform its role, see Amazon Web Services User Permissions for Backups and Restores.
- Configuring a Firewall to Install the Virtual Server Agent on a Cloud VM or Instance