Solved

Restore SQL DB to EC2 Instance - Isolated VPC


Userlevel 1
Badge +5

Good afternoon folks,

We currently have our CV environment installed on-premise and we are looking to test our backups by restoring our VMs (VMware) into an isolated VPC in AWS, which is working great.

Whilst attempting to restore SQL to this isolated environment I have noticed it only gives me the option to restore to one of our existing SQL servers; I assume it is looking for those clients that have the CV agent installed.

I am wondering what my options are for restoring to this isolated AWS VPC - or if this is not possible at all.


Best answer by Jos Meijer 15 August 2022, 19:02


10 replies

Userlevel 7
Badge +23

Hi @KevinDodd , thanks for the thread!

To clarify, are you trying to restore the SQL job, or restore a VM into AWS?

Userlevel 1
Badge +5

Hi @Mike Struening 

Thanks for your reply!

I can restore a VM into our isolated VPC with no issues.

I am having issues (or it might just not be possible) restoring the SQL job onto a VM in our isolated VPC.

So for example … I have a VM in our isolated AWS VPC and I want to restore a SQL job onto this VM (either restore directly into the SQL instance or restore the .BAK file) - problem is the server is not listed as one of the possible servers to restore to. This is because, I assume, it has no direct connection back to our Commvault / CommCell environment.

We currently restore VMs (from VMware) directly to the isolated AWS VPC, which also doesn’t have a direct connection to our Commvault environment; during the restore we just select to restore out of place to AWS, select the isolated AWS VPC and away we go.

I was wondering if there is a similar option / ability to restore a SQL job directly to our isolated AWS VPC.

Hope this makes sense, please let me know if you need any more clarity.

Userlevel 7
Badge +16

Hi @KevinDodd 

The agent is indeed the issue, or rather the lack of one.

The recovery process will only select a target if an agent is present.

Userlevel 1
Badge +5

Thanks @Jos Meijer - I thought that might be the issue.

Well that has thrown a spanner in the works for my backup testing plan.

The plan was to restore to an isolated VPC in AWS as I would be able to keep the same IP addressing range - saves me having to re-IP the servers as I restore them. Looks like I’m going to have to re-think this strategy. I might have to create a new subnet that is accessible to the CS server; I was hoping to be completely isolated - sort of follow the “dev, test, prod” scenario.

Userlevel 6
Badge +14

Hello @KevinDodd 
Adding this here as it might help with your planning in the future.

For the SQL agent, if you are restoring a SQL backup, it does not have to be an actual SQL server with MSSQL installed, just the SQL agent installed, if you only need to restore to disk as a .bak file.

Userlevel 7
Badge +16

You will indeed need to introduce a route in order to recover agent based. You can however still isolate the environment for traffic other than recovery by installing agents in restore only mode combined with a gateway construction as described here:

The only difference would be that you replace the mentioned MA with a client group containing the agents in the VPC.

Hopefully this helps to mitigate your security goal.

What @Scott Reynolds said is definitely an option to minimize the communication with the VPC. Just use a proxy/staging server with an agent installed and afterwards move the data (bak file) manually to the desired server.

Userlevel 1
Badge +5

Thanks @Scott Reynolds - useful to know.

@Jos Meijer thanks for the link and information, funnily enough I was just reading about a network gateway (Endpoint laptop backup over internet | Community (commvault.com)) - this might be a working solution!

I could allocate a public IP for the SQL server in the isolated AWS VPC, install the SQL agent then in theory (I think) I should be able to restore our SQL jobs.

Thanks all, much appreciated - you’ve given me some alternative solutions.

Userlevel 7
Badge +23

You could also create a multi-homed proxy - i.e. a small VM that is connected to both the internal isolated VPC and another that is accessible by the Media Agent / CommServe. Then configure Commvault to route the traffic through this machine to reach the end clients you are trying to perform SQL restores on.

https://documentation.commvault.com/2022e/essential/104855_setting_up_commvault_network_gateway.html

The system requirements (particularly memory) seem a bit high for your use case. For a handful of clients it can be much less (1GB of memory with a basic Linux install is probably more than adequate).

Userlevel 1
Badge +5

Folks, can I ask a further question please?

The isolated AWS VPC has no access to the CV environment via the LAN but I can provide it (our SQL server in the isolated VPC) with a public IP and provide internet access. Can I communicate over the WAN to my CV environment (assuming I configure our FW correctly etc etc) - is this possible?

Userlevel 7
Badge +16

Sure 🙂

I am guessing your CommServe doesn't have direct internet access, shielded either via a web proxy or a firewall.

I would position a dual NIC gateway proxy with one NIC in the CV environment and one NIC in a VLAN on which the firewall passes through the public IP traffic communication on tcp 8403.

Configure a dual NIC gateway proxy with one NIC in the VPC environment and one NIC in a VLAN on which the firewall passes through the public VPC IP traffic communication on tcp 8403.

Then connect the bits via a cascaded gateway network topology where on one end your CV infra is configured and on the other end the VPC agents. You're done 🙂

Preferably you would limit the communication from the CV infra and the VPC agents to their respective gateway proxies as well.

There are other solutions, but they introduce possible other dependencies and causes for issues.
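A check on the last recommendation in the reply above (each side talks only to its gateway, on tcp 8403), as an added example that is not part of the thread or of Commvault's tooling: it audits security-group ingress, in the JSON shape returned by `aws ec2 describe-security-groups`, against a one-source-per-group policy. The group IDs, addresses, and the assumption that the tunnel arrives inbound on 8403 are constructed for illustration; only IPv4 sources are checked.

```python
import ipaddress
import json

TUNNEL_PORT = 8403  # tunnel port named in the thread

# Assumed policy (constructed): the only source each group may accept on 8403.
POLICY = {
    "sg-vpc-gateway": "203.0.113.10/32",  # public IP of the CV-side gateway
    "sg-sql-restore": "10.0.1.5/32",      # private IP of the VPC-side gateway
}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-vpc-gateway", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8403, "ToPort": 8403,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
  {"GroupId": "sg-sql-restore", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8403, "ToPort": 8403,
     "IpRanges": [{"CidrIp": "10.0.1.5/32"}, {"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "10.0.1.5/32"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
]}
""")

def audit_ingress(groups, policy=POLICY, port=TUNNEL_PORT):
    """Return (group_id, reason) for each rule wider than tcp/<port> from the allowed peer."""
    findings = []
    for sg in groups["SecurityGroups"]:
        gid = sg["GroupId"]
        if gid not in policy:
            findings.append((gid, "no policy entry for this group"))
            continue
        allowed = ipaddress.ip_network(policy[gid])
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if proto != "tcp" or lo != port or hi != port:
                findings.append((gid, f"non-tunnel rule: proto={proto} ports={lo}-{hi}"))
            for rng in perm.get("IpRanges", []):
                src = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if not src.subnet_of(allowed):
                    findings.append((gid, f"source {src} is outside {allowed}"))
    return findings

if __name__ == "__main__":
    for gid, reason in audit_ingress(SAMPLE):
        print(f"{gid}: {reason}")
```

On the constructed sample the gateway group passes and the restore-target group is flagged four times: a world-open 8403 source, a 1433-3389 port range, and an all-protocol rule whose source is the whole VPC range.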
