When you configure a hypervisor to use service account resources, most processes that are initiated from the member account hypervisor use resources from the service account and most of the processing is performed in the service account, with minimal effect on the member account. When using resources from a service account, you must add JSON permissions to both the service account and the member accounts.
AWS account terms are defined as follows:
-
Service account: A hypervisor that is added to Commvault and that contains shared backup resources such as access nodes and cloud libraries.
-
Member account (also called workload account): An organizational account with workloads to protect. Member accounts are accessed by service accounts for the purposes of backup and recovery.
Streaming Backup Processes
Streaming backup processes use the following steps:
-
On the member account:
-
Create an Amazon Machine Image (AMI) from the source Amazon EC2 instance.
-
Share the AMI to the service account.
-
-
On the service account:
-
Create Amazon EBS volumes from the AMI.
-
Attach Amazon EBS volumes to the access node, create an Amazon EC2 instance, and back up the Amazon EC2 instance and Amazon EBS volumes.
-
Detach the Amazon EBS volumes, and then delete them.
-
Delete the AMI.
-
IntelliSnap Backup Processes
During IntelliSnap backups, the AMI and snapshots are created in the account that contains the guest VMs.
IntelliSnap backup processes use the following steps:
-
For each Amazon EC2 instance, create an AMI.
This operation creates crash-consistent snapshots of Amazon EBS volumes.
-
Write the Amazon EC2 instance configuration file and the Amazon EC2 instance metadata to the backup index.
Backup Copy Processes
Backup copy processes use the following steps:
-
On the member account, share snapshots with the service account.
-
On the service account:
-
Create Amazon EBS volumes.
-
Attach the Amazon EBS volumes to the access node.
-
Back up the Amazon EBS volumes.
-
Detach the Amazon EBS volumes.
-
Unshare the snapshots.
-
HotAdd Restore Processes
HotAdd restore processes use the following steps:
-
On the service account:
-
Create empty Amazon EBS volumes.
-
Attach the Amazon EBS volumes to the access node and create an Amazon EC2 instance.
-
Restore data.
-
Detach the Amazon EBS volumes.
-
Create a snapshot of the Amazon EBS volumes, and then delete the Amazon EBS volumes.
-
Share snapshots to the member account.
-
-
On the member account:
-
Create Amazon EBS volumes from snapshots.
-
Create the Amazon EC2 instance and attach the Amazon EBS volumes.
-
Import Restore Processes
Import restore processes use the following steps:
-
On the service account:
-
Initialize the cloud file system.
-
Attach the Amazon S3 prefix to the access node.
-
Share the Amazon S3 bucket to the member account.
-
Restore data as Virtual Hard Disk (VHD) pages in Amazon S3.
-
Merge the VHDs.
-
Launch the AWS VM Import task to create an AMI.
-
Share the AMI to the member account.
-
-
On the member account, restore the Amazon EC2 instance from the AMI.
Live Browse and File Recovery Processes
For streaming backups, live browse and file recovery processes are unchanged for processes that use resources from a service account.
Agentless File Recovery Processes from Streaming Backups
Agentless file recovery processes use the following steps:
-
Restore files to the local access node.
-
Share the Amazon S3 bucket to the member account.
-
Upload to the Amazon S3 bucket.