Provisioning Target Options for Amazon

When you configure a provisioning target for Amazon, provide Amazon-specific values for the destination site.

• Select vendor: Select Amazon Web Services.

• Target name: Enter a descriptive name for the destination site (for example, DR site 1).

• Destination: Select a hypervisor for the destination instances.

• Access node: Select an access node or an access node group to perform operations for the provisioning target.

  For AWS to AWS restores, if you assigned an access node at the hypervisor and VM group levels, both the access nodes are used. For AWS restores, if you assigned an access node at the hypervisor level and the VM group level for both the source and the destination hypervisors, the access nodes assigned for the destination hypervisor are used.

  To restore multiple instances or VMs simultaneously, select Automatic to distribute the workload (instances or VMs) in the auto recovery job across the access nodes that are assigned for the destination hypervisor.

  The instances are assigned to the access nodes by a region match.

  Please refer to the available transport modes and select access nodes accordingly. The following modes are available:

  • Commvault HotAdd: Uses Commvault HotAdd for all restores to AWS when the access node and destination are in the same zone. See, Replication Using the Commvault HotAdd transport mode.

  • Amazon EBS direct: Uses EBS Direct API for cross-zone and cross-region Full VM and attach disk restores. See, Periodic VM Replication Using Amazon EBS Direct APIs.

    AWS VM Import/Export: Uses AWS Import/Export for cross-region VM conversions. See, VM Replication Using the AWS VM Import/Export Transport Mode.

    If you select an access node group to restore VMs, the Commvault software distributes the workload (instances or VMs) in the restore job across the access nodes (also called proxies) that are available in the access node group.

• Security: Select the users or user groups that you want to have access to the target.

• VM display name: Select Use original name, Add a prefix to the entity name, or Add a suffix to the entity name, and then enter a string to be appended to the original display name to create new destination entity names.

Destination Options

• Availability zone: Select the destination zone.

• Instance type: To specify a specific instance type, clear this selection and from the Instance type list, select an instance type that provides the available CPU cores and memory for the instance.

• Key pair: Select a key pair. For Windows instances, if the administrator password has been set, use that password. You cannot use a new key pair to retrieve the password.

• Iam role for Amazon EC2: Select the IAM role for destination instance.

• Network: Select a network interface for the destination instances.

• Security groups: To specify a specific security group, clear this selection and, from the Security groups list, select a security group for the destination instances.

  If you select an existing network, the security group will be automatically selected and not enabled.

• Volume type: To select a volume type for the provisioning target, clear this option, and then select a volume type that is optimized for transactional workloads or streaming workloads, for the instance.

  The auto volume type used for restore to AWS is General Purpose SSD (gp2), and for restores from AWS to AWS, the volume type of the source instance is used.

  The following volume types are available:

  • General Purpose SSD (gp2)

  • General Purpose SSD (gp3)

  • Provisioned IOPS SSD (io1)

  • Provisioned IOPS SSD (io2)

  • Throughput Optimized HDD (st1)

  • Cold HDD (sc1)

  • Magnetic (standard)

• KMS key: Select an encryption key or option:

  Important

  • Commvault recommends that you enable default encryption of EBS volumes in each AWS account that creates EBS volumes. For information, see Enable encryption by default in the AWS documentation.

    • The following key types are supported:

    • AWS managed keys

    • AWS owned keys

    • Customer managed keys, including multi-region keys

  • Auto: This option is available for restores to a different AWS Region.

    If the identity that performs the restore has the ec2:GetEbsDefaultKmsKeyId action, then the default KMS key for EBS encryption will have "Default EBS Key" tag. The ec2:GetEbsDefaultKmsKeyId action is included in amazon_restricted_role_permissions.json.

  • No encryption: This option is not recommended. The AWS Well-Architected Framework (SEC08-BP02) recommends enforcing encryption at rest for sensitive data.

Virtualize Me Options

• Enable association to a server group: To associate the destination VM with a server group, move the Enable association to a server group toggle key to the right and select the server group.