commvault.com commvault.com
Solved

AWS Access Node placement

  • 12 January 2024
  • 8 replies
  • 129 views
F
Rank
Userlevel 1
Badge +2

Hi Team,

in the CVLT documentation we found the following limitation:

For streaming backups and backup copies, if the access node used for backups and restores is running on an Amazon EC2 instance, the access node must be available in the same user account as the instance being backed up or restored. This requirement does not apply to IntelliSnap backups

https://documentation.commvault.com/2024/essential/system_requirements_for_protecting_amazon_ec2_instances.html

Does it mean that if we backup Oracle/Hana inside an EC2 with CVLT Agent we must place the AN in the same AWS account as Oracle EC2 ?

 

While in the following link we see indicated that :

Hypervisors can use AWS service account resources for the following operations:

  • Streaming backup

  • Etc

Using Resources from a Service Account (commvault.com)

 

Can you please confirm if AccNode can definitely be deployed solely into a Service Account w/o limitations ?

Many Thanks.

Francesco

icon

Best answer by BackupDev 17 January 2024, 11:48

View original

8 replies

Chris Hollis
Rank
Userlevel 6
Badge +15

Hi @Francesco_Russo 

Can you please confirm if AccNode can definitely be deployed solely into a Service Account w/o limitations ?

Could you confirm, how are you wanting/planning on doing the backup of the Oracle instance?... is it resident to the EC2 instance VM itself or is it an RDS instance which is independent to any other host runs directly from AWS as an RDS instance?

Or are you asking about agentless backup on a VM for oracle instance inside it?

In the meantime, I’ll see if I can find out from some internal sources, otherwise hopefully someone else in the community has experience with this.

Regards,

Chris 

Chris Hollis
Rank
Userlevel 6
Badge +15

@Francesco_Russo 

I received some internal feedback stating ‘we support cross account backup with consolidated access nodes in a shared services account.’

I want to get official confirmation so will cross check this statement with my development team and if so, will look to get documentation updated to be clearer.

Regards,

Chris

B
Rank
Userlevel 1
Badge +2

@Francesco_Russo , if you are planning to use Oracle agent to perform backups, the agent must be installed in the EC2 instance (host) itself. There is no further requirement of access node.

https://documentation.commvault.com/2023e/expert/getting_started_with_oracle_agent.html

 

Can you clarify the questions @Chris Hollis asked earlier if the above is not the case.

Could you confirm, how are you wanting/planning on doing the backup of the Oracle instance?... is it resident to the EC2 instance VM itself or is it an RDS instance which is independent to any other host runs directly from AWS as an RDS instance?

Or are you asking about agentless backup on a VM for oracle instance inside it?

 

Regards,

F
Rank
Userlevel 1
Badge +2

Hi All,

we are going to backup both RDS and Oracle/Hana inside the EC2 with CVLT Agent.

The plan is:

  • EC2 Backup: Instellisnap using EBS-API to reduce costs + Backup Copy to S3 + Additional S3 Copy to DR AWS Region
  • RDS Backup: Snapshot + Snapshot Copy to AWS DR Region
  • Stream based Backup of Oracle/Hana installed locally inside EC2 with CVLT Agent: Primary Copy to local S3 + DASH to AWS DR Region S3

So I need to be sure that we can simply install the MA/AN on a single AWS shared account and be able to backup data that resides on different AWS Accounts.

Or, if we need the MA in the shared account but one AN on every other AWS Account.

Many thanks.

Regards,

Francesco

 

F
Rank
Userlevel 1
Badge +2

The way I read “For streaming backups and backup copies, if the access node used for backups and restores is running on an Amazon EC2 instance, the access node must be available in the same user account as the instance being backed up or restored. This requirement does not apply to IntelliSnap backups” is as follows: if AN is inside and AWS EC2 (and not on a Vmware VM maybe on prem), then we need a single AN on every AWS Account where “EC2+Oracle” resides. This is not a requirements for Intellisnap backup.

The customer has around 15 AWS Accounts with several Linux EC2 and Oracle/Hana inside. So in this case do I just need the AN on the shared account or not.

Thanks.

Francesco

B
Rank
Userlevel 1
Badge +2

Hi @Francesco_Russo,

 

  1. RDS Backup: Snapshot + Snapshot Copy to AWS DR Region.

                 For this use case, you may use the common access node / MA with STS assume role configuration. Specify the required account’s (to be protected) STS assume role for the RDS instance configuration in Commvault Command Center.

https://documentation.commvault.com/2023e/essential/creating_cloud_database_instance_for_amazon_rds_using_new_aws_account.html

 

  1. Stream based Backup of Oracle/Hana installed locally inside EC2 with CVLT Agent: Primary Copy to local S3 + DASH to AWS DR Region S3

                    For this use case, each EC2 instance with database to be protected should have the Oracle / Hana Commvault agent installed along with Media Agent / Storage Accelerator package so that the data can directly be written to the S3. This would reduce the hop for data movement from EC2 instance to a common MA and then to cloud library.

https://documentation.commvault.com/2023e/essential/oracle_01.html

https://documentation.commvault.com/2023e/essential/sap_hana.html

 

Thanks,

F
Rank
Userlevel 1
Badge +2

Hi @BackupDev 

to reduce the traffic, can I not simply use Client Side Dedupe to write to a common MA/AN ?

Thanks.

Francesco

B
Rank
Userlevel 1
Badge +2

Hi @Francesco_Russo ,

 

Having SA on client may allow to write backups directly to target S3 endpoint.

Eventually, this is to be configured as per your environment and requirements.

 

Thanks,

Reply


Terms & ConditionsCookie settings