Deploy Media Agent to AWS to backup regional on premise data for several sites

  • 7 December 2023
  • 3 replies


We have several remote offices in the Asia-Pacific region.  We are interested in deploying a Media Agent at AWS to service those locations.  These locations don’t have VPN access to AWS so we would need to send data securely from on premise servers in the several countries to the media agent for long term storage.  Servers are small, windows servers,  generally less than 2TB of file data with small rates of change.  No VMs.

I am looking for some help to configure networking from the on premise servers to the Media Agent at AWS.


3 replies

Userlevel 5
Badge +10

Hello @youda 

Thanks for the great question!
You have asked very broad questions that i think if you are wanted an exact answer tailored to your answer then Commvault professional services are going to be better at getting that answer to you. 

But in a general sense if you are attempting to protect a client that is on-prem and the media agent is in the cloud and writing to a cloud storage then a direct connect would be a solution:

A normal design is to have a local MA with local storage on a short retention Aux copy the data to the cloud to save on the amount of data needed to move but if it is a small amount than maybe using the direct connection may be an answer for you. 

As advised above, Commvault PS is going to be the best to field this question and give you a quality answer as it is a architectural type question.

Kind regards

Albert Williams

Userlevel 5
Badge +13

Hello @youda 

Unless you are using an AWS VPC (Virtual Private Connection) all of the network configuration must be done by your Internal Network Team. Commvault cannot setup your network for you.

Even if you are using a VPC, Commvault cannot assist you in your network configuration. To the software, the VPC is transparent. It is configured between AWS and your Network, using a DNS Forward to forward traffic to the VPC hostname.


Thank you,

Badge +2

You need to build an externally facing proxy in AWS.  Use a topology to route traffic from those agents to the media agent through the gateway.  Ideally, throw the proxy/gateway in a DMZ with only ports required talking into the MA.  If the locations are static also restrict to only allow the external IPs of those locations to communicate with the proxy.  If not familiar engage PS but pretty straightforward process.