Restrictions and Known Limitations for Protecting Amazon EC2 with Commvault

There are limitations and known issues for protecting Amazon EC2 instances, Amazon EBS volumes, and Amazon VPC resources with Commvault. Workarounds, if available, are included.

Amazon EC2

  • Amazon EC2 Spot Instances can be protected, but they can be restored only as non-Spot (that is, on-demand) instances.

  • Amazon Machine Images (AMIs) that are used to provision Amazon EC2 instances (public, private) are not protected.

  • Static IP addresses on protected EC2 instances are not restored. The Commvault software converts static IP addresses to DHCP as follows:

    • For restores using the Import method, static IPs are converted to DHCP.

    • For restores of Windows instances using the HotAdd method or the EBS Direct method, static IP addresses are converted to DHCP, unless the DHCP service is disabled.

    • For restores of Linux instances using the HotAdd method, static IP addresses are converted to DHCP during the driver injection process.

    • For restores of Linux instances using the EBS Direct method, static IP addresses are not automatically converted to DHCP. You must manually enable DHCP -- either on the source instance before the restore or on the restored instance after the restore.

  • Private primary IP addresses (IPv4) are collected during Amazon EC2 instance backups, but are re-created during full instance restores.

  • Custom primary private IP addresses (IPv6) are not restored.

  • Custom CPU configurations on protected EC2 instances are not restored.

  • Full instance out-of-place restores of Amazon EC2 instances that were deployed from the AWS Marketplace do not restore AMI product codes.

  • User data is not protected or restored as part of EC2 instance protection.

  • For EC2 instances that have multiple network interface controllers (NICs), all the NICs are backed up. However, when the instance is restored, only one NIC is restored.

Amazon EBS

  • Amazon EBS gp3 volume throughput settings are not retained during full instance restores.

  • Amazon EBS gp3 volume capacity, IOPS, and throughput settings are restored, but cannot be customized during restores.

  • Amazon EBS io2 Block Express volumes are not protected or recoverable.

  • Amazon EBS instance store volumes are not protected or restored as part of EC2 instance protection.

    Note

    To perform file system level backup and recovery of EC2 instance store data, you can install Commvault file system agents inside the EC2 instance.

Amazon VPC

Commvault protects and gathers the underlying AWS resources and configuration metadata for the following resources. However, if the resources are missing, Commvault does not re-create them during an Amazon EC2 full instance restore. Resources are listed as they appear in the Amazon VPC management console.

Virtual Private Cloud

  • Subnet CIDR reservations (IPv4, IPv6)

  • Route tables (Main, Custom)

  • Internet gateways

  • Egress-only internet gateways

  • Carrier gateways (AWS Wavelength)

  • Elastic IPs (IPv4)

  • Managed prefix lists

  • Endpoints (Interface, Gateway)

  • Endpoint services

  • NAT gateways (Public, Private)

  • Peering connections

  • VPC Flow Logs

  • Transit gateways, associations, maximum transmission units (MTUs), route tables, route propagation

  • Virtual private networks: Customer gateways (site-to-site VPN connections), virtual private gateways (VPN gateways)

  • Network access control lists (Network ACLs)

    • AWS Verified Access

      • Verified Access instances

      • Verified Access trust providers

      • Verified Access groups

      • Verified Access endpoints

    • DNS firewall

      • Route 53 Resolver DNS firewalls (Rule groups, Domain lists)

    • Network firewalls

      • Network firewalls (firewalls, firewall policies, Network Firewall rule groups, TLS inspection configurations, Network Firewall resource groups)

    • Virtual private network

      • Site-to-Site VPN Connections (AWS Site-to-Site VPN, AWS Client VPN, AWS VPN CloudHub, third-party software VPN appliances)

      • AWS Client VPN endpoints

    • VPC Lattice

      • Service networks

      • Services

      • Target groups

    • Transit gateways

      • Transit gateway policy tables

      • Transit gateway route tables

      • Transit gateway multicast

    • Traffic Mirroring

      • Mirror sessions

      • Mirror targets

      • Mirror filters

    • Cloud WAN resources

    • Network Manager

      • IP Address Manager (IPAM) pools

      • Network Access Analyzer

      • Reachability Analyzer

    • AWS Direct Connect

      • Routers

Security
