Hello @youda
Thanks for the great question!
You have asked very broad questions that i think if you are wanted an exact answer tailored to your answer then Commvault professional services are going to be better at getting that answer to you.
But in a general sense if you are attempting to protect a client that is on-prem and the media agent is in the cloud and writing to a cloud storage then a direct connect would be a solution:
https://aws.amazon.com/directconnect/
A normal design is to have a local MA with local storage on a short retention Aux copy the data to the cloud to save on the amount of data needed to move but if it is a small amount than maybe using the direct connection may be an answer for you.
As advised above, Commvault PS is going to be the best to field this question and give you a quality answer as it is a architectural type question.
Kind regards
Albert Williams
Hello @youda
Unless you are using an AWS VPC (Virtual Private Connection) all of the network configuration must be done by your Internal Network Team. Commvault cannot setup your network for you.
Even if you are using a VPC, Commvault cannot assist you in your network configuration. To the software, the VPC is transparent. It is configured between AWS and your Network, using a DNS Forward to forward traffic to the VPC hostname.
Thank you,
Collin
You need to build an externally facing proxy in AWS. Use a topology to route traffic from those agents to the media agent through the gateway. Ideally, throw the proxy/gateway in a DMZ with only ports required talking into the MA. If the locations are static also restrict to only allow the external IPs of those locations to communicate with the proxy. If not familiar engage PS but pretty straightforward process.