Loading...

Configuring a Firewall to Install the Virtual Server Agent on an AWS Instance

To back up Amazon instances, you must deploy the Virtual Server Agent (VSA) on an AWS instance that is in the same region as the instances to be backed up. For restores, you can use a VSA proxy running on an AWS instance or a VSA proxy running on a machine outside of Amazon.

The CommServe host and MediaAgent can also be deployed Amazon instances, or can reside on machines outside of AWS,

The CommServe host, MediaAgent, and VSA proxy must all be able to communicate with each other using one of the following connections:

  • AWS Direct Connect - On premises components and the AWS instance are within the same network. No firewall configuration is required.
  • AWS VPN - Only available if the AWS instance is accessible through VPC. On premises components and the AWS instance are within the same network. No firewall configuration is required.
  • If you are not using AWS Direct Connect or AWS VPN for communication between on premises components and the AWS proxy instance, you can configure a SnapProtect  firewall connection between the on premises components and the AWS proxy instance.

Configuring a SnapProtect  Firewall and Installing the Virtual Server Agent

  1. In the CommCell Console, configure a Windows client for the AWS instance where the VSA will be installed:
    1. Right-click Client Computers and select New Client > File System > Windows.
    2. In the Client Name box, enter a descriptive label for the VSA proxy instance.
    3. In the Windows box, enter the public IP address for the instance.
    4. Click Next.
    5. Verify the client information and click Finish.
  2. Configure firewall settings on the client for the CommServe host:
    1. Under Client Computers, right-click the client for the CommServe host and select Properties.
    2. Click Network.
    3. Click the Firewall Configuration tab.
    4. On the Incoming Connections tab, click Add to add the AWS proxy client connection.
    5. Select the AWS proxy instance in the From list.
    6. Select BLOCKED from the State list.
    7. Click OK.
    8. Click the Incoming Ports tab.
    9. Select 443 from the Listen for tunnel connections on port list.
    10. Click OK.
  3. Configure firewall settings on the client for the AWS proxy:
    1. Under Client Computers, right-click the client for the AWS proxy instance and select Properties.
    2. Click Network.
    3. Click the Firewall Configuration tab.
    4. On the Incoming Connections tab, click Add to add the CommServe host connection.
    5. Select the client for the CommServe host in the From list.
    6. Select RESTRICTED from the State list.
    7. Click OK.
    8. Click the Incoming Ports tab.
    9. Select 443 from the Listen for tunnel connections on port list.
    10. Click OK.
  4. Right-click the CommCell node and select All Tasks > Push Firewall Configuration.
  5. Under Client Computers, right-click the client for the CommServe host and select All Tasks > Push Firewall Configuration.
  6. Log on to the AWS instance.
  7. Download the installation media from Cloud Services or Maintenance Advantage.
  8. Run the installation package and select the Virtual Server Agent package.

    If you are using Amazon cloud storage, you can also select the MediaAgent package,

  9. In the Firewall Configuration page, select Configure firewall services and CommServe can open connection toward this machine.
  10. In the CommServe Information page, enter the client name for the CommServe host.

    Enter only the client name as defined in the CommCell Console, not the fully qualified domain name for the host.

  11. In the Client Computer Information page, enter the name of the client that you created for the AWS proxy instance in the Client Host Name box and the public IP address for the instance in the Host Name box.
  12. In the Firewall Connection Information page, enter 443 in the Local HTTP/HTTPS tunnel port number box.
  13. Complete the installation process.

Related Information

For more information about different firewall configurations, see the following topics: