For recovery to an AWS cleanroom site, you need a new AWS account, a new virtual network, a new security group, and other resources.
Note: The steps on this page are performed in AWS, and many of the links are to AWS documentation.
- Create a new IAM policy using the JSON editor, and paste AWS_permissions_Commvault_Cleanroom.json in the editor.
- Create a new AWS role and assign the new IAM policy to the new role.
- Create a new AWS virtual private cloud (VPC) and subnet to logically isolate the recovered VMs/instances.
- Create a new AWS security group to control access for inbound and outbound traffic for the recovered VMs/instances.
- To connect to the recovered instances in the isolated network, configure a bastion host.
  For information, see the following:

- Create a new IAM policy using the JSON editor, and paste AWS_permissions_Commvault_Cleanroom.json in the editor.
- Create a new AWS role and assign the new IAM policy to the new role.
- Create a new AWS virtual private cloud (VPC) and subnet to logically isolate the recovered VMs/instances.
- Create a new AWS security group to control access for inbound and outbound traffic for the recovered VMs/instances.
- For the auto-scaled access nodes, create another new virtual private cloud (VPC) and subnet with the following specifications:
  - Connectivity: Establish bidirectional connectivity with your recovered control plane.
  - Port configuration:
    - Open outbound ports 8400 and 8403 for connectivity with your recovered control plane.
    - Open outbound port 443 for Air Gap Protect.
- Create a security group for the VPC and subnet created in a previous step for the access nodes, to isolate the auto-scaled access nodes.
- To connect to the recovered instances in the isolated network, configure a bastion host.
  For information, see the following:
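
Added example (not Commvault's code): a check of the access-node security group's outbound rules against the ports listed above, reading the `IpPermissionsEgress` structure that EC2 `DescribeSecurityGroups` returns. TCP as the protocol, the control plane CIDR, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Outbound ports named on this page. TCP is an assumption: the page gives
# port numbers only.
CONTROL_PLANE_PORTS = {8400, 8403}
AIR_GAP_PROTECT_PORTS = {443}
REQUIRED_PORTS = CONTROL_PLANE_PORTS | AIR_GAP_PROTECT_PORTS


def audit_egress(egress_rules, control_plane_cidr):
    """Return sorted findings for one security group's IpPermissionsEgress list."""
    control_plane = ipaddress.ip_network(control_plane_cidr)
    findings, opened = set(), set()
    for rule in egress_rules:
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            findings.add(f"EXTRA: {proto} egress is not in the documented list")
            continue
        # An all-protocol rule ("-1") carries no port fields and spans every port.
        low, high = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
        opened |= {p for p in REQUIRED_PORTS if low <= p <= high}
        if low != high or low not in REQUIRED_PORTS:
            findings.add(f"BROAD: ports {low}-{high} exceed the documented list")
        if any(low <= p <= high for p in CONTROL_PLANE_PORTS):
            # Control plane ports should only reach the recovered control plane (IPv4 ranges).
            for ip_range in rule.get("IpRanges", []):
                dest = ipaddress.ip_network(ip_range["CidrIp"])
                if not dest.subnet_of(control_plane):
                    findings.add(f"DEST: ports {low}-{high} reach {dest}, outside {control_plane}")
    for port in REQUIRED_PORTS - opened:
        findings.add(f"MISSING: outbound port {port} is not open")
    return sorted(findings)


# Constructed sample rules (not from a real account). The destination for
# port 443 is left open because the page does not specify one.
SCOPED_EGRESS = [
    {"IpProtocol": "tcp", "FromPort": 8400, "ToPort": 8400, "IpRanges": [{"CidrIp": "10.20.0.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 8403, "ToPort": 8403, "IpRanges": [{"CidrIp": "10.20.0.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
# The allow-all outbound rule that AWS places on a newly created security group.
DEFAULT_EGRESS = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

if __name__ == "__main__":
    for name, rules in (("scoped", SCOPED_EGRESS), ("default", DEFAULT_EGRESS)):
        print(name, audit_egress(rules, "10.20.0.0/24") or "OK")
```

A new security group that still has its default outbound rule satisfies the port requirements but is reported as broad, which is the case to catch before relying on the group for isolation.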