Using predefined workflows, you can scan and validate backed up Amazon EC2 instances to identify vulnerabilities, such as viruses and verify that the VMs are safe to restore. After the workflows are complete, you can view a report of the scan results.
For each EC2 instance that you want to scan, the Commvault software needs a restore worker VM in the AWS account. The workflow restores and attaches Elastic Block Store (EBS) volumes from the storage library containing EC2 instance backups to the worker VM, and then runs the Threat Analysis scan. After the scan is complete, the VM Scan Analysis report is generated. The report displays the status of the scanned jobs.
Before You Begin
Download the AWSThreatScan app configuration file from the Commvault Store. After downloading the file, do either of the following:
-
Import the app configuration file from Developer tools > CV apps > Import from file to deploy the workflows.
-
Extract the AWSThreatScan configuration file to import the workflows manually.
Procedure
-
Configure an Amazon EC2 hypervisor to represent the AWS account where the restore worker VMs are configured. For more information, see .
-
Deploy worker VMs from the AWS Marketplace AMI. For instructions, see Deploying a Commvault Linux Access Node from AWS Marketplace and Deploying a Commvault Windows Access Node from AWS Marketplace.
-
Configure a server group for the restore worker VMs. For information on creating a server group, see Adding a Server Group by Using Manual Association.
For information on system requirements for the restore worker VMs, see Software, Hardware, and Other Requirements for Restore Worker VMs.
-
Import and deploy the AWS_ControllerScan and AWS_VMScan workflows in your CommCell environment.
Note
Only CommCell administrators or users with administrative permissions can access, create, and edit workflows on the Developer tools > Workflows page. For more information about creating and editing workflows, see Creating and Managing Workflows.