Veeam Backup 11 0 Aws Integration User Guide
Veeam Backup 11 0 Aws Integration User Guide
Version 11
Integration with Veeam Backup for AWS Guide
October, 2021
© 2021 Veeam Software.
All rights reserved. All trademarks are the property of their respective owners.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or
translated into any language in any form by any means, without written permission from Veeam Software
(Veeam). The information contained in this document represents the current view of Veeam on the issue
discussed as of the date of publication and is subject to change without notice. Veeam shall not be liable for
technical or editorial errors or omissions contained herein. Veeam makes no warranties, express or implied, in
this document. Veeam may have patents, patent applications, trademark, copyright, or other intelle ctual
property rights covering the subject matter of this document. All other trademarks mentioned herein are the
property of their respective owners. Except as expressly provided in any written license agreement from Veeam,
the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other
intellectual property.
NOTE :
Read the End User Software License Agreement before using the accompanying software programs. Using
any part of the software indicates that you accept the terms of the End User Software License Agreement.
2 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Contents
CONTACTING VEEAM SOF TWARE ................................ ................................ ........................... 6
ABOUT THIS DOCUMENT ................................ ................................ ................................ ..... 7
OVERVIEW ................................ ................................ ................................ ...................... 8
BACKUP INFRASTRUCTURE COMPONENTS ................................ ................................ ................ 9
PLANNING AND P REPARATION ................................ ................................ .............................. 11
System Requirements .......................................................................................................................... 12
Used Ports ..........................................................................................................................................14
Required Permissions ........................................................................................................................... 15
Licensing .............................................................................................................................................18
License Limitations ....................................................................................................................19
Licensing Scenarios ................................................................................................................... 20
Managing Licensed Instances ...................................................................................................... 21
DEPLOY MENT AND CONFIGURATION ................................ ................................ ...................... 24
Installing Plug -In ................................................................................................................................ 25
Upgrading Plug-In .............................................................................................................................. 26
Adding Veeam Backup for AWS Appliances .......................................................................................... 27
Connecting to Existing Veeam Backup for AWS Appliances .......................................................... 28
Deploying New Veeam Backup for AWS Appliances .....................................................................40
Managing Veeam Backup for AWS Appliances ....................................................................................... 51
Viewing Snapshots and Backups ................................................................................................ 52
Editing Appliance Settings......................................................................................................... 53
Opening Appliance Web UI ........................................................................................................ 54
Upgrading Appliances ............................................................................................................... 55
Rescanning Appliances .............................................................................................................. 56
Removing Appliances ................................................................................................................ 57
Adding S3 Backup Rep ositories ............................................................................................................60
Deploying Standard Backup Repositories .................................................................................... 62
Deploying Archive Rep ositories .................................................................................................. 71
Managing Backup Repositories .............................................................................................................81
Uninstalling Plug-In ............................................................................................................................ 82
DATA PROTECTION ................................ ................................ ................................ ...........83
Creating Backup P olicies ..................................................................................................................... 84
Managing Backup P olicies ................................................................................................................... 85
Starting and Stopping Policies ................................................................................................... 86
Editing Policy Settings .............................................................................................................. 88
Disabling and Removing Policies ................................................................................................ 89
3 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Managing Backed-Up Data ...................................................................................................................91
Creating Backup Copy Jobs for EC2 Instances ....................................................................................... 95
Copying EC2 Instance Backups to Tapes ............................................................................................... 96
Viewing Statistics ............................................................................................................................... 97
DATA RECOVERY................................ ................................ ................................ ............. 98
Restoring Amazon EC2 Instances ......................................................................................................... 99
Step 1. La unch Restore to Amazon EC2 W izard.......................................................................... 100
Step 2. Select EC2 Instances and Restore P oints ........................................................................ 101
Step 3. Choose Restore Mode ...................................................................................................102
Step 4. Specify IAM Identity .....................................................................................................103
Step 5. Specify Datacenter Region ............................................................................................105
Step 6. Config ure Insta nce Types and Encryption ..................................................................... 106
Step 7. Specify Instance Names ................................................................................................ 108
Step 8. Config ure Network Settings ......................................................................................... 109
Step 9. Specify Restore Reason.................................................................................................. 111
Step 10. Finish Working with W izard ..........................................................................................112
Restoring Amazon RDS Insta nces .........................................................................................................113
Step 1. La unch Restore to Amazon RDS Wizard .......................................................................... 114
Step 2. Select RDS Instances a nd Restore Points .........................................................................115
Step 3. Choose Restore Mode ................................................................................................... 116
Step 4. Specify IAM Identity ......................................................................................................117
Step 5. Specify Datacenter Region ............................................................................................ 119
Step 6. Config ure Insta nce Types and Encryption ......................................................................120
Step 7. Configure Parameter a nd Option Groups ........................................................................ 122
Step 8. Specify Database Identifier ........................................................................................... 123
Step 9. Config ure Network a nd Availability Settings .................................................................. 124
Step 10. Specify Restore Reason ............................................................................................... 126
Step 11. Finish W orking with Wizard .......................................................................................... 127
Restoring Entire EFS File Systems ....................................................................................................... 128
Step 1. La unch Restore to Amazon EFS Wizard ........................................................................... 129
Step 2. Select File Systems and Restore P oints ..........................................................................130
Step 3. Choose Restore Mode ....................................................................................................131
Step 4. Specify IAM Identity ..................................................................................................... 132
Step 5. Specify Datacenter Region ............................................................................................ 134
Step 6. Config ure Performa nce Modes and E ncryption ............................................................... 135
Step 7. Specify File System Names ............................................................................................ 137
Step 8. Config ure Network Settings .......................................................................................... 138
Step 9. Specify Restore Reason................................................................................................ 140
Step 10. Finish Working with W izard ......................................................................................... 141
4 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Restoring EFS Files and Folders .......................................................................................................... 142
Restoring Amazon VPC Configurations ................................................................................................ 143
Performing Instant Recovery ..............................................................................................................144
Restoring to Microsoft Azure ..............................................................................................................146
Restoring to Nutanix AHV .................................................................................................................. 147
Restore to Google Compute Engine ....................................................................................................148
Exporting Disks .................................................................................................................................149
Restoring Guest OS Files ....................................................................................................................150
Restoring Application Items ............................................................................................................... 152
Viewing Statistics .............................................................................................................................. 154
FE ATURES AND P LUG-IN VERSIONS ................................ ................................ ..................... 156
SUPP ORT INFORMATION ................................ ................................ ................................ ...157
5 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Contacting Veeam Software
At Veeam Software we value feedback from our customers. It is important not only to help you quickly with your
technical issues, but it is our mission to listen to your input and build products tha t incorporate your
suggestions.
Customer Support
Should you have a technical concern, suggestion or question, visit the Veeam Customer Support Portal to open a
case, search our knowledge base, reference documentation, manage your license or obtain the latest product
release.
Company Contacts
For the most up-to-date information about company contacts and office locations, visit the Veeam Contacts
Webpage.
Online Support
If you have any questions about Veeam products, you can use the following resources:
6 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
About This Document
This guide provides information on integration of Veeam Backup & Replication and Veeam Backup for AWS. The
document describes how to install AWS Plug-in for Veeam Backup & Replication, how to add Veeam Backup for
AWS to the Veeam Backup & Replication infrastructure, and gives instructions on how to monitor Veeam Backup
for AWS sessions and perform restore of Amazon EC2 instances in the Veeam Backup & Replication console.
Intended Audience
This guide is designed for backup administrators who plan to use the Veeam Backup & Replication console to
manage EC2 backup and restore operations.
AWS Plug-in for Veeam Backup & Replication is built on top of Veeam Backup & Replication, and this guide
assumes that you have a good understanding of this solution.
7 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Overview
AWS Plug-in for Veeam Backup & Replication is a solution that allows you to create and manage data protection
and disaster recovery tasks for Amazon Elastic Compute Cloud (Amazon EC2), Amazon Relational Database
Service (Amazon RDS) and Amazon Elastic File System (Amazon EFS) environments as well as for Amazon Virtual
Private Cloud (Amazon VPC) configuration. AWS Plug-in for Veeam Backup & Replication extends the Veeam
Backup & Replication functionality and provides access to Veeam Backup for AWS in the Veeam Backup &
Replication console.
NOTE
AWS Plug-in for Veeam Backup & Replication is built on top of Veeam Backup & Replication, and this guide
assumes that you have a good understanding of the Veeam Backup & Replication solution.
With AWS Plug-in for Veeam Backup & Replication, you can add Veeam Backup for AWS appliances into the
Veeam Backup & Replication infrastructure and perform the following operations in the Veeam Backup &
Replication console:
• Perform Instant Recovery to restore entire EC2 instances as VMs into VMware vSphere or Hyper-V
environment.
8 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Backup Infrastructure Components
After you integrate Veeam Backup for AWS with Veeam Backup & Replication, the backup infrastructure will
consist of the following components:
An application where you can manage backup infrastructure components, perform restore from EC2 and
RDS instance image-level backups and snapshots, and copy EC2 backups to secondary repositories and
tapes.
An installer component that deploys services required for integration with Veeam Backup for AWS.
The main component that performs backup and restore operations in the Amazon EC2, RDS and EFS
environments, as well as for the Amazon VPC configuration.
In the Veeam Backup & Replication console, you can connect to an existing Veeam Backup for AWS
appliance or launch the deployment of a new one.
4. W orker instances
Temporary Linux-based Amazon EC2 instances that are created by Veeam Backup for AWS to perform
backup and restore operations. A worker instance is deployed for each EC2 instance included in the
running backup policy or restore process. After the backup or restore process completes, the worker
instance is immediately removed.
5. S3 b ackup repositories
AWS Plug-in for Veeam Backup & Replication supports two types of S3 backup repositories:
b. Archive repositories
A folder in an Amazon S3 bucket where Veeam Backup for AWS stores archive backups of EC2
instances. For more information on archive, see Adding Backup Repositories.
9 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
6. Ad d itional repositories a nd tape devices
Additional repositories are any backup repositories where Veeam Backup & Replication copies EC2 backups
if you perform backup copy. For more information on backup repositories, see the Backup repositories
section in the Veeam Backup & Replication User Guide. You can also use tape devices to store copies of
your backup files. For more information on how to back up to tapes, see the Machines Backup to Tape
section in the Veeam Backup & Replication User Guide.
10 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Planning and Preparation
Before you start using AWS Plug-in for Veeam Backup & Replication, make sure that the backup infrastructure
components meet system requirements, all required ports are open, and user accounts that you plan to use have
the required permissions.
11 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
System Requirements
Before you start using AWS Plug-in for Veeam Backup & Replication, consider the following requirements.
Since AWS Plug-in for Veeam Backup & Replication is installed on the Veeam Backup & Replication server,
system requirements for the plug-in are similar to requirements for the Veeam Backup & Replication server. For
more information on system requirements for the Veeam Backup & Replication server and other infrastructure
components, see the System Requirements section in the Veeam Backup & Replication User Guide.
11.0.3.x 11.0.0.x
11.0.4.x 11.0.1.x
11.0.3.x 3.x
11.0.4.x 4.x
12 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Requirements for Web Browsers
For the list of web browsers that you can use to open the Veeam Backup for AWS appliance Web UI, see the
After You Install section in the Veeam Backup for AWS User Guide.
13 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Used Ports
As AWS Plug-in for Veeam Backup & Replication is installed on the machine with Veeam Backup & Replication, it
uses the same ports as those described in the Used Ports section in the Veeam Backup & Replication User Guide.
In addition, AWS Plug-in for Veeam Backup & Replication also uses ports listed in the table.
NOTE
During installation, Veeam Backup & Replication and Veeam Backup for AWS automatically create firewall
rules for the required ports to allow communication for the application components.
Veeam Veeam TCP 443 Port used for communication with AWS
Ba ckup & Backup for and Veeam Backup for AWS.
Rep lication AWS
server appliance,
AWS services
Veeam Veeam TCP 9402 Port used to connect to AWS Plug-in for
Ba ckup & Backup & Veeam Backup & Replication.
Rep lication Replication
console and server
Veeam ONE
server
For ports required for Veeam Backup for AWS, see the Network Ports section in the Veeam Backup for AWS User
Guide.
14 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Required Permissions
Make sure user accounts that you plan to use have permissions described in this section.
List of P ermissions
{
"cloudwatch:DeleteAlarms",
"cloudwatch:PutMetricAlarm",
"dlm:CreateLifecyclePolicy",
"dlm:DeleteLifecyclePolicy",
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AttachInternetGateway",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateVpc",
"ec2:DeleteInternetGateway",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteSubnet",
"ec2:DeleteVolume",
"ec2:DeleteVpc",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeImages",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
15 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ec2:DetachInternetGateway",
"ec2:DetachVolume",
"ec2:DisassociateAddress",
"ec2:ModifyVpcAttribute",
"ec2:ReleaseAddress",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"iam:AddRoleToInstanceProfile",
"iam:AttachRolePolicy",
"iam:CreateInstanceProfile",
"iam:CreatePolicy",
"iam:CreateRole",
"iam:CreateServiceLinkedRole",
"iam:DeleteInstanceProfile",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetInstanceProfile",
"iam:GetPolicy",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfilesForRole",
"iam:ListRolePolicies",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:RemoveRoleFromInstanceProfile",
"iam:SimulatePrincipalPolicy",
"iam:UpdateAssumeRolePolicy",
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketVersioning",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutObject",
"ssm:GetCommandInvocation",
"ssm:SendCommand",
"sts:GetCallerIdentity"
}
You can also specify granular permissions. For more information, see the following Veeam KB articles: KB4139,
KB4140, KB4141.
When performing data protection and disaster recovery operations, you specify an IAM role or an IAM user.
Veeam Backup for AWS uses permissions of IAM roles and IAM users to access AWS services and resources.
In the AWS account that you specify when adding or deploying the Veeam Backup for AWS appliance, the
Default Backup Restore IAM role is created automatically. This IAM role has all the permissions required to
perform operations within the initial AWS account — to back up any Amazon EC2 instance within the account, to
store backups in any Amazon S3 bucket within the account, and so on.
16 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
If you want to specify granular permissions, to protect EC2 instances of another AWS account or to keep backed -
up data in another AWS account, you must add IAM roles that have access to AWS services and resources of that
account. Examples of permissions for different operations are described in the following Veeam KB articles:
KB3032, KB3033, KB3034. To specify an IAM role for the necessary operation, you must first add this IAM role
to Veeam Backup for AWS. For more information on IAM roles and how to add them, see the IAM Roles section
in the Veeam Backup for AWS User Guide.
If you plan to copy image-level backups or to restore guest OS files from image-level backups, make sure that
the accounts specified for standard backup repositories where the image-level backups are stored have
permissions described in the Using Amazon S3 Object Storage section in the Veeam Backup & Replication User
Guide. For more information on how to specify user accounts for existing standard backup repositories, see
Connecting to Existing Appliance. For more information on how to specify user accounts for new standard
backup repositories, see Deploying Standard Backup Repositories.
17 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Licensing
If you want to use capabilities provided by AWS Plug -in for Veeam Backup & Replication, you must have a valid
license installed on Veeam Backup & Replication. If you install Veeam Backup & Replication without a license,
the AWS Plug-in for Veeam Backup & Replication capabilities are not available.
In this section, you will see the terminology of Veeam Backup & Replication licensing and Veeam Backup for
AWS editions. For more information, see the following guides:
• To learn about licensed objects and license types in Veeam Backup & Replication, see the Licensing section
in the Veeam Backup & Replication User Guide.
• To learn about editions of Veeam Backup for AWS, see the Licensing section in the Veeam Backup for AWS
User Guide.
18 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
License Limitations
Before installing AWS Plug-in for Veeam Backup & Replication, mind the following limitations for Veeam Backup
& Replication licenses.
• If Veeam Backup & Replication uses the Veeam Cloud Connect service provider license
If you do not install an additional Perpetual per-instance license or a subscription license, you will be able to use
one free license instance per each socket (but maximum 6 free instances for all sockets). After you exceed the
limit of free instances, Veeam Backup for AWS backup policies for workloads without license instances will start
to fail.
19 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Licensing Scenarios
A workload (EC2 or RDS instance, or EFS file system) is considered protected if it has a backup or snapshot
created by a backup policy in the last 31 days. The number of license instances that a protected workload
consumes depends on the workload type and product edition. For details, see Veeam Licensing Policy.
NOTE
• Manual creation of snapshots does not require license instances. For more information on how to
create snapshots manually, see the Manual creation of EC2 snapshots, Manual creation of RDS
snapshots and Manual creation of EFS backups sections in the Veeam Backup for AWS User Guide.
• VPC configuration backups do not require license instances. For more information on VPC
configuration backups, see the Performing VPC Configuration Backup section in the Veeam Backup
for AWS User Guide.
When you add a Veeam Backup for AWS appliance to the Veeam Backup & Replication infrastructure, there are
two possible scenarios:
If you remove the Veeam Backup for AWS appliance from the Veeam Backup & Replication infrastructure,
Veeam Backup & Replication will stop counting backed-up workloads. Veeam Backup for AWS continues
using the license that was used before you added Veeam Backup for AWS to the Veeam Backup &
Replication infrastructure.
If you deploy a new Veeam Backup for AWS appliance in the Veeam Backup & Replication console,
protected workloads start consuming license instances from the Veeam Backup & Replication license.
If you remove the Veeam Backup for AWS appliance from Veeam Backup & Replication infrastructure,
Veeam Backup & Replication stops counting backed-up workloads and Veeam Backup for AWS switches to
the Free license with 10 available instances. To back up more than 10 instances, you must install a BYOL
license on the Veeam Backup for AWS appliance. To see how to install a new BYOL license, see the
Licensing section in the Veeam Backup for AWS User Guide.
Note that the loss of connection with Veeam Backup & Replication does not affect restore processes and manual
creation of snapshots.
20 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Managing Licensed Instances
After you add a Veeam Backup for AWS appliance to the Veeam Backup & Replication infrastructure, you can
monitor the number of protected workloads and how many license instances they consume in the Veeam Backup
& Replication console. You can also revoke licenses from protected workloads if you do not want to protect
these workloads.
1. In the Veeam Backup & Replication console, expand the main menu and select License.
21 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
• Instances — total number of the consumed license instances.
2. In the License Information window, open the Instances tab and click Ma nage.
22 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
3. In the displayed window, select a protected workload and click Revoke. Veeam Backup & Replication will
revoke the license from the selected object, and the license will be freed for other workloads that you
want to protect.
23 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Deployment and Configuration
To configure integration of Veeam Backup & Replication with Veeam Backup for AWS, complete the following
steps:
Install or upgrade Veeam Backup & Replication up to the required version. AWS Plug-in for Veeam Backup
& Replication will be automatically installed along with Veeam Backup & Replication.
For more information on how to install or upgrade Veeam Backup & Replication, see the Installing Veeam
Backup & Replication and Upgrading Veeam Backup & Replication sections in the Veeam Backup &
Replication User Guide.
You have two options for adding a Veeam Backup for AWS appliance:
o If you have already installed Veeam Backup for AWS, you can connect an existing Veeam Backup for
AWS appliance to the Veeam Backup & Replication infrastructure. For more information, see
Connecting to Existing Veeam Backup for AWS Appliances.
o If you have not installed Veeam Backup for AWS, you can deploy a new Veeam Backup for AWS
appliance in the Veeam Backup & Replication console. In this case, Veeam Backup & Replication
deploys Veeam Backup for AWS on an Amazon EC2 instance automatically. For more information on
how to deploy a new appliance, see Deploying New Veeam Backup for AWS Appliances.
3. [For a newly added Veeam Backup for AWS appliance, optional] Configure worker instances.
After you add a new Veeam Backup for AWS appliance, open its Web UI and configure network settings for
worker instances. For more information on worker instances and how to configure them, see the Worker
Instances section in the Veeam Backup for AWS User Guide.
o If you connect to an existing Veeam Backup for AWS appliance, you can omit adding standard backup
repositories since all configured S3 backup repositories are added to the Veeam Backup & Replication
infrastructure automatically. However, you can deploy new repositories if required.
o If you deploy a new Veeam Backup for AWS appliance, you may require to add standard backup
repositories — but only in case you want backup policies to produce image-level backups.
For more information on how to deploy standard backup repositories, see Deploying Standard Backup
Repositories.
Add archive repositories if you want to store image-level backups of EC2 instances for long periods of time
at lower costs. For more information on how to add archive repositories, see Deploying Archive Backup
Repository.
24 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Installing Plug-In
AWS Plug-in for Veeam Backup & Replication is installed automatically while you install or upgrade Veeam
Backup & Replication. For the compatibility table of Veeam Backup & Replication and AWS Plug -in for Veeam
Backup & Replication versions, see System Requirements.
For more information on how to install or upgrade Veeam Backup & Replication, see the Installing Veeam
Backup & Replication and Upgrading Veeam Backup & Replication sections in the Veeam Backup & Replication
User Guide.
25 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Upgrading Plug-In
If you want to upgrade your AWS Plug-in for Veeam Backup & Replication to a new version, you do not have to
uninstall the previous plug-in version. You only need to upgrade Veeam Backup & Replication as described in
the Upgrading Veeam Backup & Replication section in the Veeam Backup & Replication User Guide. During the
installation process, Veeam Backup & Replication will detect the previous plug -in version and will upgrade it.
For the compatibility table of Veeam Backup & Replication and AWS Plug -in for Veeam Backup & Replication
versions, see System Requirements.
After you upgrade AWS Plug-in for Veeam Backup & Replication, you must also upgrade your appliances in the
Veeam Backup & Replication console. For more information on how to upgrade appliances, see Upgrading
Appliances.
NOTE
• If a Veeam Backup for AWS appliance is already added to the Veeam Backup & Replication
infrastructure, and if the version of Veeam Updater is 2.0.0.499 or later, you will not be able to
upgrade Veeam Backup for AWS to the next version in the Veeam Updater UI. Instead, upgrade
Veeam Backup for AWS in the Veeam Backup & Replication console as described in the Upgrading
Appliance section.
• When you upgrade Veeam Backup for AWS, the plug -in checks the permissions of the Default Backup
Restore IAM role of the AWS account and grants all the required permissions.
26 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Adding Veeam Backup for AWS Appliances
After you install AWS Plug-in for Veeam Backup & Replication, you must add Veeam Backup for AWS appliances
to the Veeam Backup & Replication infrastructure. You have two options:
If you have already deployed Veeam Backup for AWS appliances, you can add these appliances to the
Veeam Backup & Replication infrastructure.
NOTE
You must add a Veeam Backup for AWS appliance to the infrastructure of only one Veeam Backup &
Replication server. If you add the appliance to another Veeam Backup & Replication server, the
synchronization between the appliance and the first Veeam Backup & Replication server will be stopped,
and the appliance will be displayed as unavailable. The applia nce will start consuming license units from
the license of the last Veeam Backup & Replication server to which the appliance was added.
27 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Connecting to Existing Veeam Backup for AWS
Appliances
To connect to an existing appliance, do the following:
5. Configure repositories
NOTE
If you reconnect an appliance from one Veeam Backup & Replication server to another, we recommend you
to remove the appliance from the first server and only then add the appliance to another server. If you do
not remove the appliance, it will become unavailable on the first server — you will see outdated data and
will not be able to perform any operations with the data.
28 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 1. Launch New Veeam Backup for AWS Appliance Wizard
To launch the New Veeam Backup for AWS Appliance wizard, do one of the following:
• Open the Ba ckup Infrastructure view. Click Ad d Server on the ribbon. In the Ad d Server window, select
Veeam Backup for AWS.
• Open the Ba ckup Infrastructure view. In the inventory pane, right-click the Ma naged Servers node and
select Ad d Server. In the Ad d Server window, select Veeam Backup for AWS.
• [If Veeam Backup for Nutanix AHV and all cloud plug -ins are installed] Open the Ba ckup Infrastructure
view. Click Ad d Server on the ribbon. In the Ad d Server window, click Veeam cloud-native backup
a p pliance > Veeam Backup for AWS.
29 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 2. Specify Deployment Mode
At the Dep loyment Mode step of the wizard, select Connect to an existing appliance.
If you want to deploy a new Veeam Backup for AWS appliance, see Deploying New Veeam Backup for AWS
Appliances.
30 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 3. Specify AWS Account Settings
At the Account step of the wizard, specify an AWS account, select the AWS Region and geographical location of
a datacenter where the Veeam Backup for AWS appliance is deployed:
1. From the AW S account drop-down list, select credentials of an AWS account in which your Veeam Backup
for AWS appliance is deployed. The user account must have permissions listed in Required Permissions.
If you have not added credentials beforehand, click Ma nage accounts or Ad d to add the necessary
credentials. For more information on adding credentials, see the Access Keys for AWS Users section in the
Veeam Backup & Replication User Guide.
2. From the AW S region drop-down list, select the AWS Region in which the Veeam Backup for AWS
appliance resides.
3. From the Da ta center drop-down list, select the geographical location of the datacenter where the Veeam
Backup for AWS appliance resides.
31 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 4. Select EC2 Instance
At the E C2 Instance step of the wizard, select the Amazon EC2 instance where Veeam Backup for AWS is
deployed:
2. In the E C2 Instance window, select the EC2 instance where Veeam Backup for AWS is installed (that is, the
Veeam Backup for AWS appliance).
IMP ORTANT
The VPC security group must allow the Veeam Backup & Replication server to access the Veeam Backup for
AWS appliance using HTTPS. For more information on how to configure access, see AWS Documentation.
32 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 5. Specify Connection Type
At the Connection Type step of the wizard, choose whether the Veeam Backup for AWS appliance is connected
directly to the internet or located in a private network:
• If the Veeam Backup for AWS appliance is connected to the internet, and you want the Veeam Backup &
Replication server to be connected to the Veeam Backup for AWS appliance also through the internet,
select Direct connection. In this case, the Veeam Backup & Replication server will detect the public or
elastic IP of the Veeam Backup for AWS appliance automatically.
• If the Veeam Backup for AWS appliance is located in a private network and the Veeam Backup &
Replication server is also located in the same private network, or you wa nt the Veeam Backup &
Replication server to be connected to the Veeam Backup for AWS appliance over Veeam PN, select P rivate
network. In the Sp ecify the IP address or DNS nam e of the appliance field, specify the private IP or DNS
name of the Veeam Backup for AWS appliance.
33 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 6. Specify Credentials
At the Credentials step of the wizard, specify credentials of a user that has administrative privileges on the
Veeam Backup for AWS appliance. This user can be the Default Admin created during the initial configuration of
the Veeam Backup for AWS appliance, or a user created during further work with Veeam Backup for AWS. Note
that the user must be assigned the Portal Administrator role. For more information on roles, see the Managing
Permissions section in Veeam Backup for AWS User Guide.
If you have not added the credentials beforehand, click Ma nage accounts or Ad d to add the necessary
credentials. For more information on adding credentials, see the Credentials Manager section in the Veeam
Backup & Replication User Guide.
IMP ORTANT
Multi-factor authentication (MFA) is not supported. For more information on where to check MFA settings,
see the Managing Users section in the Veeam Backup for AWS User Guide.
If you try to add an appliance that runs an outdated version of Veeam Backup for AWS, Veeam Backup &
Replication will display a warning notifying that the appliance must be upgraded. Click OK to upgrade the
appliance to the latest version of Veeam Backup for AWS that is compatible with the current version of AWS
Plug-in for Veeam Backup & Replication.
When you add a Veeam Backup for AWS appliance, Veeam Backup & Replication saves in the configuration
database a thumbprint of the TLS certificate installed on the appliance. When Veeam Backup & Replication
connects to the appliance, it uses the saved thumbprint to verify the appliance identity and to avoid the man-in-
the-middle attack. For details on managing TLS certificates, see the TLS Certificates section in the Veeam
Backup for AWS User Guide.
If the certificate installed on the Veeam Backup for AWS appliance is not trusted, Veeam Backup & Replication
will display a warning. In the warning window, you can do the following:
• Click Ca ncel if you do not trust the certificate. However, in this case you will not be able to connect to the
appliance.
34 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
NOTE
When you update a certificate on an appliance, this appliance becomes unavailable in the Veeam Backup &
Replication console. To make the appliance available again, acknowledge the new certificate at the
Credentials step of the E d it Veeam Backup for AWS Appliance wizard. For more information on how to
open the wizard, see Editing Appliance Settings.
35 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 7. Configure Repositories
The Rep ositories step of the wizard displays all repositories added to the Veeam Backup for AWS infrastructure.
For standard backup repositories, specify credentials to access the repositories and a gateway server to be used.
For archive repositories, you do not need to specify credentials and a gateway server because there is no direct
connection between Veeam Backup & Replication and archive repositories. They are synchronized from Veeam
Backup for AWS.
1. In the Rep ositories list, select a standard backup repository to which you want to configure access and
click E d it.
a. From the Credentials drop-down list, select credentials of an AWS user who has permissions to access
the S3 backup repository resources. For more information on permissions, see Required Permissions.
If you have not added credentials beforehand, click Ma nage cloud accounts or Ad d to add the
necessary credentials. For more information on adding credentials, see the Cloud Credentials Manager
section in the Veeam Backup & Replication User Guide.
IMP ORTANT
If you do not specify credentials for an S3 backup repository, AWS Plug -in for Veeam Backup &
Replication will stop periodic rescan of the repository. This can help you reduce data transfer
costs since AWS Plug-in for Veeam Backup & Replication will send fewer requests to AWS.
However, keep in mind that in this case you will only be able to view, manage backup policies
and restore EC2 instances to Amazon EC2. Activities described in the Data Protection and Data
Recovery sections are not available.
b. From the Use the following gateway server for the Internet access drop-down list, select a gateway
server that will be used to access the repository. If you do not specify the credentials, the backup
server is used as a gateway server.
The gateway server caches data when you copy backups and restore application items. The gateway
server helps you decrease the amount of traffic being sent over the network and reduce data transfer
costs. For more information on caching data, see the Cache section in the Veeam Backup & Replication
User Guide.
By default, the role of a gateway server is assigned to the Veeam Backup & Replication server. If the
Veeam Backup & Replication server resides in a region that differs from the AWS Region where your
Veeam Backup for AWS resides, choose a server that is located close to the Veeam Backup for AWS
appliance. You can choose any Microsoft Windows or Linux server that is added to your Veeam Backup
& Replication infrastructure and has internet connection. Note that the server must be added to the
Veeam Backup & Replication infrastructure beforehand. For more information on how to add a server,
see the Virtualization Servers and Hosts section in the Veeam Backup & Replication User Guide.
c. If data in the standard backup repository is encrypted with a password, select the Use the following
p a ssword for encrypted backups check box. From the drop-down list, select the password that must
be used to decrypt the data. In this case, Veeam Backup & Replication will automatically decrypt
backup files stored in this repository.
If you have not added the password beforehand, click the Ma nage passwords link or the Ad d button
to add the necessary password. For more information on adding passwords, see the Creating
Passwords section in the Veeam Backup & Replication User Guide.
36 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
If you do not specify the decryption password, you can do it later. For more information, see
Decrypting Image-Level Backups.
If data in the S3 backup repository is encrypted with a KMS key, AWS Plug -in for Veeam Backup &
Replication shows the used KMS key but does not allow changing it. You can change the key in the
appliance Web UI as described in the Editing Backup Repository Settings section in the Veeam Backup
for AWS User Guide.
After you finish working with the wizard, the backup repositories will be displayed on the Ba ckup Infrastructure
view, under the E x ternal Repositories node. For more information on where backups are shown, see Viewing
Snapshots and Backups.
NOTE
If S3 backup repositories are already added to the infrastructure of another Veeam Backup & Replication
server, you will be prompted to claim the ownership of these repositories. For more information on taking
the ownership, see the Ownership section in the Veeam Backup & Replication User Guide.
37 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 8. Apply Settings
At the Ap p ly step of the wizard, wait until Veeam Backup & Replication applies the settings. Click Nex t to
complete the procedure of adding the appliance.
38 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 9. Finish Working with Wizard
At the Summary step of the wizard, review details of the added Veeam Backup for AWS appliance and click
Finish.
If you want to configure worker instances, add IAM roles or manage other settings that are not available in the
Veeam Backup & Replication console, click the b a ckup appliance console link. For more information on what you
can do in the Veeam Backup for AWS Web UI, see the Veeam Backup for AWS User Guide.
39 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Deploying New Veeam Backup for AWS
Appliances
To deploy a new Veeam Backup for AWS appliance, do the following:
40 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 1. Launch New Veeam Backup for AWS Appliance Wizard
To launch the New Veeam Backup for AWS Appliance wizard, do one of the following:
• Open the Ba ckup Infrastructure view. Click Ad d Server on the ribbon. In the Ad d Server window, select
Veeam Backup for AWS.
• Open the Ba ckup Infrastructure view. In the inventory pane, right-click the Ma naged Servers node and
select Add Server. In the Ad d Server window, select Veeam Backup for AWS.
• [If Veeam Backup for Nutanix AHV and all cloud plug-ins are installed] Open the Ba ckup Infrastructure
view. Click Ad d Server on the ribbon. In the Ad d Server window, click Veeam cloud-native backup
a p pliance > Veeam Backup for AWS.
41 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 2. Specify Deployment Mode
At the Dep loyment Mode step of the wizard, select Dep loy a new appliance.
If you want to connect to an existing Veeam Backup for AWS appliance, see Adding Existing Veeam Backup for
AWS Appliances.
42 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 3. Specify AWS Account Settings
At the Account step of the wizard, specify an AWS account, select the AWS region and geographical location of a
datacenter where you want to deploy the Veeam Backup for AWS appliance:
1. From the AW S account drop-down list, select user credentials to connect to an AWS account where you
want to deploy the Veeam Backup for AWS appliance. Note that the user whose credentials you want to
use must have the necessary permissions. For more information on permissions, see Required Permissions.
If you have not added credentials beforehand, click Ma nage accounts or Ad d to add the necessary
credentials. For more information on adding credentials, see the Access Keys for AWS Users section in the
Veeam Backup & Replication User Guide.
IMP ORTANT
The AWS account that will be used to deploy Veeam Backup for AWS must be subscribed to Veeam
Backup for AWS FREE Trial & BYOL Edition in AWS Marketplace.
To learn how to subscribe to Veeam Backup for AWS FREE Trial & BYOL Edition, follow instructions
provided in the Installing Veeam Backup for AWS section in the Veeam Backup for AWS User Guide
(steps 1–5).
2. From the AW S region drop-down list, select an AWS Region in which the appliance will reside.
3. From the Da ta center drop-down list, select a location of a datacenter where you want to deploy the
Veeam Backup for AWS appliance.
43 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 4. Specify EC2 Instance
At the E C2 Instance step of the wizard, specify a name and description for the EC2 instance where Veeam
Backup for AWS will be deployed.
44 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 5. Specify AWS Network Resources
At the Networking step of the wizard, specify the AWS network resource settings:
o Select an existing Amazon Virtual Private Cloud (Amazon VPC) to which the Veeam Backup for AWS
appliance will be connected. For a VPC to be displayed in the drop -down list, it must be created in
advance as described in the Working with VPCs and subnets section in the AWS documentation.
o Select ( create new) to cretae a new VPC. The veeamvpc VPC will be created.
o Select an existing subnet to which the Veeam Backup for AWS appliance will be connected. For a
subnet to be displayed in the drop-down list, it must be created in advance as described in the
Working with VPCs and subnets section in the AWS documentation.
o Select ( create new) to create a new subnet. The veeamsubnet subnet will be created.
o Select an existing AWS security group to which the Veeam Backup for AWS appliance will be
connected. For a security group to be displayed in the drop -down list, it must be created in advance
as described in the Working with security groups section in the AWS documentation.
o Select ( create new) to create a new security group. The veeamsecuritygroup security group will be
created.
NOTE
If you choose to create a new resource (VPC, subnet or security group), but the resource was already
created by Veeam ( veeamvpc, veeamsubnet or veeamsecuritygroup ), the existing resource will be used.
45 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
4. In the Ba ckup server p ublic IP address field, specify a public IP address or a scope of IP addresses in CIDR
notation that will be allowed to access the Veeam Backup for AWS appliance. Note that the Veeam Backup
& Replication server IP address must fall into the specified IP addresses.
If you have selected to create a new security group, AWS Plug -in for Veeam Backup & Replication will
create a security rule for the specified IP addresses that allows access the Veeam Backup for AWS
appliance through HTTPS. If you have selected an existing security group, make sure the selected VPC
security group allows the access. For more information on how to configure the access, see AWS
Documentation.
46 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 6. Specify AWS IP Settings
At the IP Assignment step of the wizard, select a type of the IP address that you want assign to the Veeam
Backup for AWS appliance:
• To assign a dynamic IP to the Veeam Backup for AWS appliance, select Dy namic IP address.
• To assign an Elastic IP to the Veeam Backup for AWS appliance, select Sta tic IP address (Elastic IP). You
can either select an existing Elastic IP address from the drop -down list, or create a new Elastic IP. To
create a new Elastic IP, select ( create new).
For an IP to be displayed in the list of available Elastic IPs, it must be allocated as described in Allocating
an Elastic IP address.
NOTE
After a Veeam Backup for AWS appliance is deployed, Veeam Backup & Replication will use the public IP to
connect to the appliance. If you want to connect to the appliance using the private IP, follow the
instructions provided in this Veeam KB article.
47 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 7. Specify Credentials
At the Guest OS step of the wizard, specify guest OS credentials for the EC2 instance where Veeam Backup for
AWS will be deployed:
1. From the Create the following administrator credentials drop-down list, select credentials that will be
used to authenticate against the Veeam Backup for AWS appliance. The user created with the specified
credentials will be assigned the Portal Administrator role. For more information on roles, see Managing
Permissions in the Veeam Backup for AWS User Guide.
If you have not added credentials beforehand, click Ma nage accounts or Ad d to add the necessary
credentials. For more information on adding credentials, see the Cloud Credentials Manager section in the
Veeam Backup & Replication User Guide.
IMP ORTANT
The specified password must contain at least one special character, one lowercase and one
uppercase letters, and must not contain monotonic sequence characters. The password length must
be between 8 and 255 characters.
2. In the Use the following key pair field, select a key pair that will be used to authenticate against the
Veeam Backup for AWS appliance. If you have not added a key pair beforehand, you can create it.
a. Click Ad d .
ii. In the P a th section, specify the path to the folder where the private key will be located.
48 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 8. Apply Settings
At the Ap p ly step of the wizard, wait until Veeam Backup & Replication applies the settings and click Nex t to
complete the appliance deployment.
49 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 9. Finish Working with Wizard
At the Summary step of the wizard, review the Veeam Backup for AWS appliance configuration settings and click
Finish.
A new Veeam Backup for AWS is configured without standard backup repositories. If you want to deploy
standard backup repositories on a new Veeam Backup for AWS appliance, select the Op en the S3 backup
rep ository creation wizard when I click Finish check box. For more information, see the Deploying Standard
Backup Repositories section.
NOTE
After you deploy a new Veeam Backup for AWS appliance, you can configure network settings for worker
instances in the appliance Web UI. If you do not configure the worker instances, Veeam Backup for AWS
appliance will use the default ones for the regions. For more information on worker instances and how to
configure them, see the Worker Instances section in the Veeam Backup for AWS User Guide.
50 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Managing Veeam Backup for AWS
Appliances
To view all added Veeam Backup for AWS appliances, open the Ba ck up Infrastructure view and navigate to
Ma naged Servers > AW S. The working area displays the full list of configured appliances. Here, you can edit
appliance settings, rescan appliance data, remove appliances from the Veeam Backup & Replication
infrastructure, or open appliance Web UI right in the Veeam Backup & Replication console.
51 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Viewing Snapshots and Backups
Available backups and snapshots are displayed under the following subnodes of the Ba ckups node in the Home
view:
• The Sna pshots subnode shows cloud-native backups of EFS file systems and cloud-native snapshots of all
protected workloads.
In the working area, there is an <Appliance name> node. This node displays both snapshots created
manually and snapshots imported automatically while adding regions to backup policies.
For more information on how Veeam Backup for AWS creates cloud -native snapshots, see the Snapshot
Chain section in the Veeam Backup for AWS User Guide. For more information on cloud-native EFS
backups, see the EFS Backup Chain section in the Veeam Backup for AWS User Guide.
• The E x ternal Repository subnode shows image-level backups of EC2 instances. For more information on
how Veeam Backup for AWS creates image-level backups, see the EC2 Backup Chain and VPC
Configuration Backup Chain sections in the Veeam Backup for AWS User Guide.
Under this subnode, Veeam Backup & Replication marks decrypted backups with a special icon ( ). For
more information on how to decrypt backups, see Decrypting Image-Level Backups.
Under the E x ternal Repository subnode, there can also be nodes with names of AWS accounts that you
used during the configuration of your backup infrastructure. Under these nodes, you can see backed -up
VPC configurations that you can further restore as described in the Amazon VPC Configuration Restore
section in Veeam Backup for AWS User Guide. For more information on how VPCs are backed up, see the
Amazon VPC Configuration Backup section in Veeam Backup for AWS User Guide.
• The E x ternal Repository (Archive) subnode shows image-level backups stored in archive repositories.
These backups are automatically decrypted.
For more information on how Veeam Backup for AWS creates archive backups, see the Archive Backup
Chain section in the Veeam Backup for AWS User Guide.
• The E x ternal Repository (Encrypted) subnode shows encrypted image-level backups (backups stored in
encrypted repositories) for which you did not specify the decryption password or the specified password
does not match the current password of the repository.
For more information on how to enable encryption for standard backup repositories, see the Enable Data
Encryption section in the Veeam Backup for AWS User Guide.
When you expand a node in the working area, you can see the following icons:
52 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Editing Appliance Settings
To edit settings of a Veeam Backup for AWS appliance, do the following:
3. In the working area, select the appliance whose settings you want to edit, and click E d it Appliance on the
ribbon. Alternatively, right-click the appliance and select P rop erties.
4. Complete the wizard as described in the Connecting to Existing Veeam Backup for AWS Appliances
section.
53 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Opening Appliance Web UI
If you want to access Veeam Backup for AWS and configure options not available in the Veeam Backup &
Replication console, you can perform the necessary actions using the Veeam Backup for AWS Web UI.
To open the Veeam Backup for AWS Web UI, do the following:
3. In the working area, select the Veeam Backup for AWS appliance whose Web UI you want to open, and
click Op en Console on the ribbon. Alternatively, right-click the appliance and select Op en console.
Veeam Backup & Replication will open a web browser and navigate you to the Veeam Backup for AWS
URL. For more information on what you can do in the Web UI, see the Veeam Backup for AWS User Guide.
54 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Upgrading Appliances
In the System Requirements section, you can see the compatibility table of Veeam Backup for AWS and AWS
Plug-in for Veeam Backup & Replication versions. To upgrade an appliance to the latest version of Veeam
Backup for AWS that is compatible with the current version of AWS Plug-in for Veeam Backup & Replication, do
the following:
3. In the working area, select the Veeam Backup for AWS appliance that you want to upgrade, and click
Up g rade appliance on the ribbon. Alternatively, right-click the appliance and select Up g rade.
Alternatively, you can edit appliance settings. At the Credentials step of the wizard, Veeam Backup &
Replication will prompt you to confirm the appliance upgrade. For more information on how to edit the settings,
see Editing Appliance Settings.
55 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Rescanning Appliances
If Veeam Backup for AWS appliances become unavailable, for example, due to connectivity problems, you can
rescan the appliances. Note that the appliance rescan option is disabled for available Veeam Backup for AWS
appliances.
NOTE
For Veeam Backup for AWS appliances that require upgrade, the appliance rescan is not available. For more
information on upgrade, see Upgrading Appliance.
3. In the working area, select the necessary Veeam Backup for AWS appliance, and click Rescan appliance on
the ribbon. Alternatively, you can right-click the appliance and select Rescan.
Veeam Backup & Replication will remove from the configuration database all data collected on the Veeam
Backup for AWS appliance. Then Veeam Backup & Replication will recollect data including the following: last
24-hour session results, data on all created snapshots, backups and policies.
56 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Removing Appliances
If you do not plan to manage an appliance using the Veeam Backup & Replication console, you can remove the
appliance from the Veeam Backup & Replication infrastructure only. If you do not plan to use the appliance
anymore, you can remove it from both the Veeam Backup & Replication and AWS infrastructures.
3. In the working area, select the appliance that you want to remove, and click Remove Appliance on the
ribbon. Alternatively, right-click the appliance and select Remove.
4. In the opened window, click Y es . If you see the Remove associated resources from cloud infrastructure
check box, make sure that it is not selected.
57 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Removing Appliance from Veeam Backup & Replication and
AWS
Removing Appliances Deployed from Veeam Backup & Replication Console
[The following instructions apply if you have deployed an appliance version 4.x and later from the Veeam
Backup & Replication console. If you have deployed an appliance from AWS Marke tplace, deployed an appliance
version 3.x or earlier, or connected to an appliance, see the instructions in Removing Appliances Deployed from
Marketplace.]
When you remove appliances from both the Veeam Backup & Rep lication and AWS infrastructures, all the
resources created along with the appliances are also removed. The removed resources are EC2 instances on
which Veeam Backup for AWS is deployed, disks, roles, security groups and so on. The resources that remain ar e
resources that already existed at the moment of the appliance creation, repositories and created backups, and
resources shared with other EC2 instances.
To remove an appliance from both the Veeam Backup & Replication and AWS infrastructures:
3. In the working area, select the appliance that you want to remove, and click Remove Appliance on the
ribbon. Alternatively, right-click the appliance and select Remove.
4. In the opened window, select the Remove associated resources from cloud infrastructure check box and
click Y es .
To remove an appliance from the Veeam Backup & Replication and AWS infrastructures, you must first remove it
from Veeam Backup & Replication as described in Removing Appliance from Veeam Backup & Replication. Then
remove the resources deployed in AWS.
When you deploy an appliance from AWS Marketplace, the appliance is created using AWS CloudFormation
stack. To remove the appliance, you must remove the CloudFormation stack as described in the Uninstalling
Veeam Backup for AWS section in the Veeam Backup for AWS User Guide.
When you deploy an appliance from the Veeam Backup & Replication console, the CloudFormation stack is not
created, the required resources are created as separate units. To remove the appliance, you must manually
remove the following AWS resources:
• AWS::EC2::Instance
• AWS::IAM::InstanceProfile
• AWS::DLM::LifecyclePolicy
• AWS::CloudWatch::Alarm
• AWS::EC2::SecurityGroup
• AWS::IAM::Role
58 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
To remove a resource, do the following:
1. Log in to the AW S Management Console using credentials of an AWS account where the appliance is
created.
2. From the list of available AWS Regions in the upper-right corner of the page, select the AWS Region in
which the appliance resides.
4. Select the AWS resource that you want to remove, and click Delete.
59 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Adding S3 Backup Repositories
An S3 backup repository is a folder in an Amazon S3 bucket with a specific storage class assigned.
AWS Plug-in for Veeam Backup & Replication supports the following types of S3 backup repositories:
A standard backup repository is a folder in an Amazon S3 bucket with the S3 Standard storage class
assigned. AWS Plug-in for Veeam Backup & Replication uses this repository to store image-level backups
of EC2 instances and additional copies of Amazon VPC configuration backups. We recommend you to store
frequently accessed backups in this repository.
To store backups in a standard backup repository, first add it to the infrastructure and then enable image -
level backups in a backup policy. For more information on how to create a policy, see Creating EC2 Backup
Policies in the Veeam Backup for AWS User Guide.
• Archive repository
An archive repository is a folder in an Amazon S3 bucket with the S3 Glacier or S3 Glacier Deep Archive
storage class assigned. Archive repository allows you to archive image-level backups of EC2 instances,
that is, to store backups for long periods of time at lower costs. However, restoring from an archived
backup is longer and more expensive than restoring from a backup stored in a standard backup repository.
To restore data from an archive, you first need to retrieve data from it. For more information on how to
retrieve data, see Retrieving Data from Archive.
We recommend you to archive data if it is rarely accessed or you want to reduce data -at-rest costs and to
save space in the high availability standard backup repository .
To archive backups, first add an archive repository and then enable backup archiving in a backup policy.
For more information on how to create a policy, see Creating EC2 Backup Policies in the Veeam Backup for
AWS User Guide. For more information on how archiving works, see the Enabling Backup Archiving section
in the Veeam Backup for AWS User Guide.
NOTE
When you create an archive repository, Veeam Backup for AWS does not create any S3 Glacier vaults
in your AWS environment. Veeam Backup for AWS assigns the selected storage class (S3 Glacier or S3
Glacier Deep Archive) to backups stored in the repository. That is why the archived backups remain in
Amazon S3 and cannot be accessed directly through the Amazon S3 Glacier service.
Depending on your configuration, you can connect to existing repositories or deploy new ones.
If a repository that is already added to the Veeam Backup for AWS infrastructure is not available in the Veeam
Backup & Replication infrastructure, follow the instructions provided in the Editing Veeam Backup for AWS
Appliance Settings section. For a standard backup repository, at the Rep ositories step of the E d it Veeam Backup
for AWS Appliance wizard, specify credentials to be used to access the repository. Click Ap p ly, and the
repository will be added to the Veeam Backup & Replication infrastructure.
60 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
NOTE
[For standard backup repositories] If you do not want or you do not have an option to add the Veeam
Backup for AWS appliance where a standard backup repository is deployed to the Veeam Backup &
Replication infrastructure, follow the instructions provided in the Adding External Amazon S3 Storage
section in the Veeam Backup & Replication User Guide. In this case, restore from backups stored in this
repository will work as described in the How Restore to Amazon EC2 Works section in the Veeam Backup &
Replication User Guide. This configuration might be necessary, for example, if your product license is not
supported.
61 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Deploying Standard Backup Repositories
For more information on a standard backup repository, see Adding Backup Repositories.
5. Configure encryption
62 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 1. Launch Add External Repository Wizard
To launch the Ad d External Repository wizard, open the Ba ckup Infrastructure view and do one of the following:
• In the inventory pane, select the E x ternal Repositories node and click Ad d Repository on the ribbon. In the
Ad d External Repository window, select Veea m Backup for AWS > Amazon S3.
• In the inventory pane, right-click the E x ternal Repositories node and select Ad d . In the Ad d External
Rep ository window, select Veea m Backup for AWS > Amazon S3.
63 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 2. Specify Veeam Backup for AWS Appliance and
Repository Name
At the Veea m Backup for AWS step of the wizard, specify the Veeam Backup for AWS appliance that will manage
the infrastructure to which you want to add a standard backup repository:
1. From the Ap p liance drop-down list, select the necessary Veeam Backup for AWS appliance. A new
standard backup repository will be added to the infrastructure managed by the selected Veeam Backup for
AWS appliance.
For an appliance to be displayed in the Ap p liance drop-down list, it must be added to the Veeam Backup &
Replication infrastructure as described in the Adding Veeam Backup for AWS Appliances section.
2. In the Rep ository name field, enter a name for the repository. The maximum length of the name is 125
characters; all special characters except for /!*'()_-. cannot be used.
Veeam Backup & Replication will create a folder with this name in the bucket that you will specify at the
Bucket step of the wizard. The backed-up data will be stored in the created folder.
64 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 3. Specify Amazon Account Settings
At the Account step of the wizard, specify Amazon S3 connection settings:
1. From the AW S account drop-down list, select the user credentials to access the standard backup
repository resources. The user whose credentials you want to use must have permissions listed in the
Required Permissions section.
If you have not added credentials beforehand in the Cloud Credentials Manager, click Ma nage cloud
a ccounts or Ad d to add the necessary credentials. For more information on adding credentials, see the
Access Keys for AWS Users section in the Veeam Backup & Replication User Guide.
2. From the AW S region drop-down list, select the AWS Region in which your Veeam Backup for AWS
appliance resides.
3. From the Ga teway server drop-down list, select a gateway server that will be used to access the
repository.
The gateway server caches data when you copy backups and restore application items. The gateway server
helps you decrease the amount of traffic being sent over the network and reduce data transf er costs. For
more information on caching data, see the Cache section in the Veeam Backup & Replication User Guide.
By default, the role of a gateway server is assigned to the Veeam Backup & Replication server. If the
Veeam Backup & Replication server resides in a region that differs from the AWS Region where your
Veeam Backup for AWS resides, choose a server that is located close to the Veeam Backup for AWS
appliance. You can choose any Microsoft Windows or Linux server that is added to your Veeam Backup &
Replication infrastructure and has internet connection. Note that the server must be added to the Veeam
Backup & Replication infrastructure beforehand. For more information on how to add a server, see the
Virtualization Servers and Hosts section in the Veeam Backup & Replication User Guide.
65 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 4. Specify Amazon Bucket
At the Buck et step of the wizard, specify an AWS Region and Amazon S3 bucket where you want to store EC2
instance backups:
1. From the Da ta center drop-down list, select an AWS Region where the Amazon S3 bucket is located. In
case you create a new Amazon S3 bucket, it will be located in the specified AWS Region.
2. In the Buck et field specify a bucket where EC2 instance backups will reside. You can create a new bucket
or select an existing one:
o To create a new bucket, click Browse. In the Select Bucket window, click New Bucket. In the New
Buck et window, enter a name for the bucket. Make sure that this name meets the requirements
described in AWS Documentation.
o To select an existing bucket, enter its name into the Buck et field. As an alternative, you can browse all
buckets existing in the selected AWS Region. To do this, click Browse and select the necessary bucket.
IMP ORTANT
• To browse buckets, you must have permissions for the s3:ListAllMyBuckets action.
• If you have any S3 Lifecycle configuration associated with the selected Amazon S3 bucket,
check that the lifecycle rules are not applied to backup files created by the Veeam Backup
for AWS appliance. Otherwise, the backup files may be unexpectedly deleted or
transitioned to another storage class, and the Veeam Backup for AWS appliance will not
be able to access the files. For more information on managing S3 Lifecycle configurations,
see AWS Documentation.
66 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 5. Configure Encryption
At the E ncryption step of the wizard, you can enable data encryption:
2. Choose whether you want to use a password or KMS keys for encryption. For more information on how
encryption works, see the Backup Repository Encryption section in the Veeam Backup for AWS User Guide.
o To use KMS keys for encryption, select P erform AWS encryption with the following KMS key and
choose the necessary KMS key from the Use the following KMS key drop-down list. For a key to be
displayed in the list of available encryption keys, it must be created as described in AWS
Documentation.
After the repository is created, you will be able to change the KMS key only in the Web UI of the
Veeam Backup for AWS appliance. For more information, see the Editing Backup Repository Settings
section in the Veeam Backup for AWS User Guide.
IMP ORTANT
o To use a password for encryption, select P erform Veeam encryption with the following password .
From the Use the following encryption password drop-down list, select a password that you want to
use.
If you have not added the password beforehand, click the Ma nage passwords link or the Ad d button
to add a password. For more information on adding passwords, see the Creating Passwords section in
the Veeam Backup & Replication User Guide.
67 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
NOTE
If you further plan to change the encryption method, you will need to go through the edit wizard of the
repository or appliance right after you change the encryption method. For more information, see the
Editing Settings of External Repository or Editing Appliance Settings sections.
68 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 6. Apply Settings
At the Ap p ly step of the wizard, wait until Veeam Backup & Replication applies the settings. Click Nex t to
complete adding of the standard backup repository.
69 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 7. Finish Working with Wizard
At the Summary step of the wizard, review settings of the newly created standard backup repository and click
Finish.
70 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Deploying Archive Repositories
For more information on an archive repository, see Adding Backup Repositories.
71 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 1. Launch Add External Repository Wizard
To launch the Ad d External Repository wizard, open the Ba ckup Infrastructure view and do one of the following:
• In the inventory pane, select the E x ternal Repositories node and click Ad d Repository on the ribbon. In the
Ad d External Repository window, select Veea m Backup for AWS > Amazon S3 Glacier.
• In the inventory pane, right-click the E x ternal Repositories node and select Ad d . In the Ad d External
Rep ository window, select Veea m Backup for AWS > Amazon S3 Glacier.
72 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 2. Specify Veeam Backup for AWS Appliance and
Repository Name
At the Veea m Backup for AWS step of the wizard, specify the Veeam Backup for AWS appliance to whose
infrastructure you want to add an archive repository:
1. From the Ap p liance drop-down list, select the necessary Veeam Backup for AWS appliance. The archive
repository will be deployed in the infrastructure of the selected Veeam Backup for AWS appliance.
For an appliance to be displayed in the Ap p liance drop-down list, it must be added to the Veeam Backup &
Replication infrastructure as described in Adding Veeam Backup for AWS Appliances.
2. In the Rep ository name field, enter a name for the archive repository. The maximum length of the name is
125 characters; all special characters except for /!*'()_-. cannot be used.
Veeam Backup & Replication will create a folder with this name in the bucket that you will specify at the
Bucket step of the wizard. The backed-up data will be stored in the created folder.
73 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 3. Specify Amazon Account Settings
At the Account step of the wizard, specify connection settings:
1. From the AW S account drop-down list, select the user credentials to access the archive repository
resources. The user whose credentials you want to use must have permissions listed in the Required
Permissions section.
If you have not added credentials beforehand in the Cloud Credentials Manager, click Ma nage cloud
a ccounts or Ad d to add the necessary credentials. For more information on adding credentials, see the
Access Keys for AWS Users section in the Veeam Backup & Replication User Guide.
2. From the AW S region drop-down list, select the AWS Region in which your Veeam Backup for AWS
appliance resides.
74 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 4. Specify Amazon Bucket and Storage Class
At the Buck et step of the wizard, specify an AWS Region and Amazon S3 bucket where you want to store archive
backups:
1. From the Da ta center drop-down list, select an AWS Region where the Amazon S3 bucket is located or will
be located if you create a new Amazon S3 bucket.
2. In the Buck et field specify the necessary bucket. You can create a new bucket or select an existing one:
o To create a new bucket, click Browse. In the Select Bucket window, click New Bucket. In the New
Buck et window, enter a name for the bucket. Make sure that this name meets the requirements
described in AWS Documentation.
o To select an existing bucket, enter its name into the Buck et field. As an alternative, you can browse all
buckets existing in the selected AWS Region. To do this, click Browse and select the necessary bucket.
IMP ORTANT
• To browse buckets, you must have permissions for the s3:ListAllMyBuckets action.
• If you have any S3 Lifecycle configuration associated with the selected Amazon S3 bucket,
check that the lifecycle rules are not applied to backup files created by the Veeam Backup
for AWS appliance. Otherwise, the backup files may be unexpectedly deleted or
transitioned to another storage class, and the Veeam Backup for AWS appliance will not
be able to access the files. For more information on managing S3 Lifecycle configurations,
see AWS Documentation.
3. By default, the S3 Glacier storage type is assigned to objects stored in the repository. If you plan to access
your data infrequently, for example, twice a year or less often, select the Use the Deep Archive storage
cla ss check box. In this case, the S3 Glacier Deep Archive storage class will be assigned to objects stored in
the repository.
For more information on storage classes and time required to retrieve data from the archive, see AWS
documentation.
75 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
NOTE
One archive repository stores objects of one storage class only. After the repository is created with the
selected storage class, the storage class cannot be changed.
76 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 5. Configure Data Encryption
At the E ncryption step of the wizard, you can enable data encryption:
2. Choose whether you want to use a password or KMS key for encryption. For more information on how
encryption works, see the Backup Repository Encryption section in the Veeam Backup for AWS User Guide.
o To use KMS keys for encryption, select P erform AWS encryption with the following KMS key and
choose the necessary KMS key from the drop-down list. For a key to be displayed in the list of
available encryption keys, it must be created as described in AWS Documentation.
After the repository is created, you will be able to change the KMS key only in the Web UI of the
Veeam Backup for AWS appliance. For more information, see the Editing Backup Repository Settings
section in the Veeam Backup for AWS User Guide.
IMP ORTANT
o To use a password for encryption, select P erform Veeam encryption with the following password .
From the drop-down list, select a password that you want to use.
If you have not added the password beforehand, click the Ma nage passwords link or the Ad d button
to add a password. For more information on adding passwords, see the Creating Passwords section in
the Veeam Backup & Replication User Guide.
77 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
NOTE
If you change the encryption method, you will need to go through the edit wizard of the repository or
appliance right after you change the encryption method. For more information, see the Editing Settings of
External Repository or Editing Appliance Settings sections.
78 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 6. Apply Settings
At the Ap p ly step of the wizard, wait until Veeam Backup & Replication ap plies the settings. Click Nex t to
complete the procedure of adding the archive repository.
79 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 7. Finish Working with Wizard
At the Summary step of the wizard, review settings of the newly created archive repository and click Finish.
80 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Managing Backup Repositories
You can perform different operations for standard and archive repositories:
• Archive repositories
You can remove repositories from Veeam Backup & Replication infrastructure as described in Removing
Repositories. You can also edit archive repositories using the Veeam Backup for AWS appliance Web UI.
For more information, see the Editing Backup Repository Settings section in Veeam Backup for AWS User
Guide.
You can edit, rescan and remove repositories. For more information, see the sections below.
NOTE
If you change the encryption method, you need to go through the edit wizard of the repository or
appliance right after you change the encryption method. For more information, see the Editing Settings of
External Repository or Editing Appliance Settings sections.
For more information on how to remove the repository from the Veeam Backup for AWS appliance, see the
Removing Backup Repositories section in Veeam Backup for AWS User Guide.
81 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Uninstalling Plug-In
If you uninstall AWS Plug-in for Veeam Backup & Replication but do not remove appliances beforehand, mind
the following:
• You will be able to see snapshots and VPC backups. However, you will not be able to do anything with
them.
• You will be able to see image-level backups of EC2 instances and perform data recovery operations for
them (except disk export and application items restore). For more information on recovery operations, see
Data Recovery. Note that restore to Amazon EC2 will work as described in the How Restore to Amazon
EC2 Works section in the Veeam Backup & Replication User Guide.
• You will not be able to create and manage backup policies. You will be able only to remove backup policies
in the Veeam Backup & Replication console.
1. From the Sta rt menu of the machine where AWS Plug-in for Veeam Backup & Replication is installed,
navigate to Control Panel > Programs > P rograms and Features.
2. In the list of installed programs, right-click AW S P lug-in for Veeam Backup & Replication and select
Uninstall.
82 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Data Protection
With AWS Plug-in for Veeam Backup & Replication, you can protect the following workloads:
• EC2 instances
• RDS instances
• VPC configurations
To protect these workloads, you need to create backup policies. A backup policy is a collection of settings that
define the way backup operations are performed: what data to back up, where backups must be stored, when
the backup process must start and so on. For more information, see Creating Backup Policies.
After the policies are created, you can manage them as described in Managing Backup Policies.
The backup copy jobs allow you to create and keep multiple instances of the same backed -up data in different
locations. For more information, see Creating Backup Copy Jobs for EC2 Instances.
The backup to tape jobs allow you to keep backups of EC2 instances on tape devices. For more information, see
Copying EC2 Instance Backups to Tapes.
83 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Creating Backup Policies
When you create a backup policy, Veeam Backup & Replication redirects you to the Veeam Backup for AWS Web
UI where you can add a backup policy directly to Veeam Backup for AWS. For more information on the backup
policies, see the following sections in the Veeam Backup for AWS User Guide:
NOTE
VPC backup policy is created automatically on the Veeam Backup for AWS appliance. That is why you can
only manage this policy: edit, enable and disable. For more information on VPC backup policy, see the
Performing VPC Configuration Backup section in the Veeam Backup for AWS User Guide.
1. Launch and complete the Ad d Policy wizard using one of the following instructions:
o On the Home tab, navigate to Ba ckup Job > AW S and click E C2, RDS or E FS.
o Open the Home view. In the inventory pane, right-click the Job s node and select Ba ckup > AW S, then
click E C2, RDS or E FS.
If you have several Veeam Backup for AWS appliances added to the Veeam Backup & Replication
infrastructure, select the necessary appliance under the E C2, RDS or E FS node.
2. Follow the instructions provided in one of the following sections in the Veeam Backup for AWS User
Guide:
84 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Managing Backup Policies
After you install AWS Plug-in for Veeam Backup & Replication, you can use the Veeam Backup & Replication
console to manage backup policies created with Veeam Backup for AWS. You can start, stop, disable and delete
backup policies directly in the Veeam Backup & Replication console.
85 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Starting and Stopping Policies
You can start a backup policy manually. For example, if you want to create an additional restore point in the
snapshot or backup chain and do not want to modify the configured backup policy schedule. You can also stop a
running backup policy if processing of a workload is about to take too long, and you do not want the policy to
produce heavy workload on the production environment during business hours.
3. In the working area, select the necessary backup policy and click Sta rt on the ribbon. Alternatively, right-
click the selected policy and click Sta rt.
86 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
3. In the working area, select the necessary backup policy and click Stop on the ribbon. Alternatively, right-
click the selected policy and select Stop . In the displayed window, click Y es .
Veeam Backup for AWS will not produce a restore point for instances, which are added to a backup policy,
but have not been processed by the time you stop the policy.
87 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Editing Policy Settings
After you install AWS Plug-in for Veeam Backup & Replication, you can edit settings of backup policies created
in Veeam Backup for AWS. For example, you can add more EC2 instances to an EC2 backup policy or change the
backup policy description.
3. In the working area, select the backup policy that you want to edit, and click E d it on the ribbon.
Alternatively, right-click the policy and select E d it. The E d it Policy wizard will open in your browser.
4. Depending on the type of the selected policy, edit the policy as described in one of the following sections
in the Veeam Backup for AWS User Guide:
88 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Disabling and Removing Policies
AWS Plug-in for Veeam Backup & Replication allows you to temporarily disable or permanently delete backup
policies created by Veeam Backup for AWS. When you disable a backup policy, Veeam Backup for AWS disables
the schedule configured for the backup policy. This means that the backup policy will no longer start
automatically. You can enable and start the disabled policy manually any time you need.
3. In the working area, select the necessary backup policy and click Disable on the ribbon. Alternatively,
right-click the necessary backup policy and select Disable.
TIP
89 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
3. In the working area, select the necessary backup policy and click Delete on the ribbon. Alternatively,
right-click the necessary backup policy and select Delete.
90 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Managing Backed-Up Data
You can manage backed-up data in the following ways.
3. In the working area, select a backup policy whose image-level backups you want to decrypt or select an
individual backup. Then click Sp ecify Password on the ribbon, or right-click one of the selected backups,
and select Sp ecify password.
In the Hint field, you can see a hint for the password used to encrypt the backup files. Use this hint to
recall the password.
91 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Alternatively, you can specify a decryption password at the Buck et step of the E d it External Repository wizard.
For more information on how to open the wizard, see the Editing Settings of External Repository section in the
Veeam Backup & Replication User Guide.
Data retrieval is required if you want to restore EC2 instances from archive backups. Veeam Backup &
Replication will suggest you to retrieve data directly from the Restore to Amazon EC2 wizard.
1. Launch the restore wizard as described in Launch Restore to Amazon EC2 Wizard.
2. At the Ma chine step of the restore wizard, select a EC2 instance whose backup is stored in an archive
repository. Click Nex t.
3. [If the backup is also stored in a standard repository] In the Confirm restore window, click Gla cier.
5. At the Retrieval Mode step of the Retrieve Backup wizard, select a method for data retrieval:
o E x pedited. The most expensive method. The retrieved data will be available within 1–5 minutes.
NOTE
Amazon does not support the expedited method for data stored in the S3 Glacier Deep Archive
storage class.
o Sta ndard. The recommended method. The retrieved data will be available within 3–5 hours for data
stored in the Amazon S3 Glacier storage class and within 12 hours for data stored in the Amazon S3
Glacier Deep Archive storage class.
92 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
o Bulk . The least expensive method. The retrieved data will be available within 5–2 hours for data
stored in the Amazon S3 Glacier storage class and within 48 hours for data stored in the Amazon S3
Glacier Deep Archive storage class.
6. At the Ava ilability Period step of the Retrieve Backup wizard, do the following:
a. In the Keep retrieved data a vailable for field, specify the number of days for which you want to keep
the data available for restore operations.
The data will be available during the day when the retrieval finishes plus the specified number of
days. Each day starts at 12 AM (UTC) and ends at 11:59 PM (UTC). For example, if the data retrieval
finished at 3 PM (UTC), June 6, and the number of days is set to 1, the data will be available till 11:59
PM (UTC), June 7.
b. If you want to receive an email notification when data availability period is about to expire, select the
Send notification email check box, and specify the number of hours before the expiration time when
the notification must be sent.
Check that you have configured global email notification settings as described in the Configuring
Global Email Notification Settings section in the Veeam Backup & Replication User Guide.
7. At the Summary step of the Retrieve Backup wizard, review settings for data retrieval and click Finish.
The retrieved data will be available on the Home view, in the Da ta Retrieval node of the inventory pane.
3. In the working area, select the EC2 instance for which you want to extend availability of the retrieved
data.
93 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
4. On the ribbon, click E x tend Availability. Alternatively, right-click the selected EC2 instance and click
E x tend availability.
4. In the opened window, specify the number of days for which you want to keep the data available for
restore operations. Click OK.
94 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Creating Backup Copy Jobs for EC2
Instances
Having just one backup does not provide the necessary level of safety. The primary backup of EC2 instance may
get lost together with production data, and you will have no backups from which you can restore data. Veeam
Backup & Replication offers the backup copy functionality that allows you to create a nd keep multiple instances
of the same backup data in different locations.
Backup copy is a job-driven process. Veeam Backup & Replication fully automates the backup copy process and
lets you specify retention settings to maintain the desired number of res tore points, as well as full backups for
archival purposes. For more information on the backup copy functionality, see the Backup Copy section in the
Veeam Backup & Replication User Guide.
2. Complete the New Ba ckup Copy Job wizard as described in the Creating Backup Copy Jobs section in the
Veeam Backup & Replication User Guide.
95 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Copying EC2 Instance Backups to Tapes
Storing data on tape devices helps you improve the level of safety and implement the 3 -2-1 rule (3 copies, 2
types of media, 1 offsite location).
To administer all operations on tapes in your Veeam Backup & Replication console, Veeam Backup & Replication
allows you to automate copying of image-level backups to tape devices and lets you specify scheduling,
archiving and media automation options. For more information on the supported tapes and operations which
you can perform with tapes, see the Tape Devices Support section in the Veeam Backup & Replication User
Guide.
1. Check that you have copied EC2 instance backups to on-premises repositories.
If you have not copied the backups, follow the instructions provided in Creating Backup Copy Jobs for EC2
Instances.
a. Connect tape devices as described in the Tape Devices Deployment section in the Veeam Backup &
Replication User Guide.
b. Perform the initial configuration as described in steps 1–3 of the Getting Started with Tapes section in
the Veeam Backup & Replication User Guide.
3. Create a backup to tape job as described in the Creating Backup to Tape Jobs section in the Veeam Backup
& Replication User Guide.
96 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Viewing Statistics
After you install AWS Plug-in for Veeam Backup & Replication, you can use the Veeam Backup & Replication
console to view real-time statistics for any backup policy. For more information on how to review statistics, see
the Reporting section in the Veeam Backup & Replication User Guide.
97 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Data Recovery
Veeam Backup for AWS offers the following recovery options for various disaster recovery scenarios:
• Instant Recovery
• VM Disk Export
Restore disks of EC2 instances from backups created by Veeam Backup for AWS and convert them to disks
in the VMDK, VHD or VHDX format.
Restore application items (Microsoft Active Directory, Microsoft Exchange, Microsoft SharePoint, and
Microsoft SQL Server).
98 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Restoring Amazon EC2 Instances
In case a disaster strikes, you can restore entire Amazon EC2 instances from cloud -native snapshots or image-
level backups.
To restore EC2 instances from cloud-native snapshots, Veeam Backup & Replication invokes native AWS
capabilities. To restore EC2 instances from image-level backups, Veeam Backup & Replication uses different
algorithms depending on whether a Veeam Backup for AWS appliance is present in the Veeam Backup &
Replication infrastructure:
• If a Veeam Backup for AWS appliance and standard backup repositories connected to it are present in the
Veeam Backup & Replication infrastructure, Veeam Backup & Replication uses the restore algorithm
described in the Entire EC2 Instance Restore section in the Veeam Backup for AWS User Guide.
• If a Veeam Backup for AWS appliance is not present in the Veeam Backup & Replication infrastructure and
only standard backup repositories connected to this appliance are present there, Veeam Backup &
Replication uses the restore algorithm described in the How Restore to Amazon EC2 Works section in the
Veeam Backup & Replication User Guide.
NOTE
Restore to an outpost is available only in the Veeam Backup for AWS Web UI. For more information on how
to restore to the outpost, see the Performing Entire EC2 Instance Restore section in Veeam Backup for AWS
User Guide.
99 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 1. Launch Restore to Amazon EC2 Wizard
To restore data from image-level backups or cloud-native snapshots, launch the Restore to Amazon EC2 wizard.
However, we recommend that you restore Amazon EC2 instances from cloud -native snapshots. In this case,
Veeam Backup & Replication will be able to invoke native AWS capabilities to make the restore process
complete faster.
• On the Home tab, click Restore and select AW S. In the Restore window, select Ama zon EC2 > Restore from
Ama zon EC2 snapshot if you want to restore from cloud-native snapshots, or Ama zon EC2 > Restore from
Veeam backup if you want to restore from image-level backups.
• Open the Home view. In the inventory pane, navigate to Ba ckups > E xternal Repository if you want to
restore from image-level backups, or to Ba ckups > Sna pshots if you want to restore from cloud-native
snapshots. In the working area, expand the necessary backup policy, select EC2 instances that you want to
restore and click Ama zon EC2 on the ribbon. Alternatively, right-click one of the selected instances and
select Restore to Amazon E C2.
100 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 2. Select EC2 Instances and Restore Points
At the Ma chine step of the wizard, select Amazon EC2 instances that you plan to restore and select a restore
point for each EC2 instance:
2. In the Ba ckup Browser window, expand the necessary backup policy, select EC2 instances and click Ad d .
3. By default, AWS Plug-in for Veeam Backup & Replication restores EC2 instances to the latest state.
However, you can restore EC2 instances to an earlier state:
a. In the Virtual machines to restore list, select the necessary EC2 instance and click P oint.
b. In the Restore Points window, select the restore point from which you want to restore the instance
and click Ad d .
[If you restore from image-level backups] Each restore point is marked with a flag of the related
retention scheme type: the (R) flag is used to mark restore points created with daily retention, (W) —
weekly, (M) — monthly, and (Y) — yearly.
If the selected restore point is stored in an archive repository, Veeam Backup & Replication will suggest
you to retrieve data. Without data retrieval, restore process is not possible. For more information on data
retrieval and how to configure it, see Retrieving Data from Archive. After you finish the data retrieval
wizard, you will return to the restore wizard to finish the restore configuration. Note that the restore
process itself will start only after the data retrieval process finishes.
If the selected restore point is stored in both standard backup repository and archive repository, Veeam
Backup & Replication will prompt you to choose repository whose data must be used.
101 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 3. Choose Restore Mode
At the Restore Mode step of the wizard, choose whether you want to restore Amazon EC2 instances to the
original or new location:
• To restore EC2 instances with initial settings to the original AWS Region, select the Restore to the original
loca tion option.
If you select this option, you will proceed to the Reason step of the wizard.
NOTE
• To restore to the original location, the IAM role that you specify must belong to the AWS
account where the selected restore point was created.
• The original EC2 instance will be automatically powered off and removed from Amazon EC2
after the restore process completes successfully.
• The private IP address of an EC2 instance will be restored only if this address is not used. If the
address is used, a new private IP address will be assigned to the restored EC2 instance.
• To restore EC2 instances to a different AWS Region or with different settings, select the Restore to a new
loca tion, or with different settings option.
If you select this option, the Restore to Amazon EC2 wizard will include additional steps for specifying the
target AWS Region and EC2 instance settings.
102 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 4. Specify IAM Identity
At the Restore Mode step of the wizard, you can specify whether you want to use an already existing IAM role or
a one-time access key. The specified IAM identity defines the AWS account that will be used to restore Amazon
EC2 instances.
a. At the Restore Mode step, click the P ick account to use link.
c. From the IAM role drop-down list, select the role that you want to use during restore.
For an IAM role to be displayed in the list of available roles, it must be created in advance on the
appliance. For more information on IAM roles, see the IAM Roles section in the Veeam Backup for AWS
User Guide.
• To restore EC2 instances using a one-time access key of an IAM user, do the following:
a. At the Restore Mode step, click the P ick account to use link.
c. In the Access key field, specify an access key ID of the IAM user that you want to use during restore.
To be able to use an access key, you must create an IAM user access key (access key ID and access
secret key) in advance as described in the AWS documentation.
d. In the Secret key field, specify a secret access key of the IAM user.
Note that neither Veeam Backup & Replication nor Veeam Backup for AWS store one-time access keys in
the configuration databases.
103 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
IMP ORTANT
The IAM role and IAM user that you plan to use when restoring EC2 instances must have permissions
described in this Veeam KB article.
104 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 5. Specify Datacenter Region
[This step is available if you have selected the Restore to a new location, or with different settings option at the
Restore Mode step of the wizard.]
At the Da ta Center step of the wizard, select the geographical location of the datacenter where restored EC2
instances will reside.
If the selected location differs from the original location of the EC2 instances, you will see a warning message
notifying that the locations do not match. Click Y es to acknowledge the warning. Otherwise, you will not be
able to proceed to the next step of the wizard.
105 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 6. Configure Instance Types and Encryption
[This step is available if you have selected the Restore to a new location, or with different settings option at the
Restore Mode step of the wizard.]
At the Instance step of the wizard, specify instance types for the restored EC2 instances and choose whether
EBS volumes of these EC2 instances must be encrypted with KMS keys. For more information on KMS keys, see
the AWS KMS keys section in AWS documentation.
1. In the Instances list, select the necessary EC2 instance and click Ty p e.
2. From the E C2 instance type drop-down list, select an instance type to which the EC2 instance will be
sized.
For more information on supported EC2 instance types, see the Amazon EC2 Instance Types section in
AWS documentation.
3. In the Instances list, select the necessary EC2 instances and click E ncryption.
o If you do not want to encrypt the EC2 instance or want to apply the existing encryption scheme,
select the P reserve the original encryption settings option. Then click OK.
o If you want to encrypt the EC2 instance, select the Use the following encryption password option.
From the list of available KMS keys, select the required KMS key. Then click OK.
106 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
IMP ORTANT
• KMS keys must be from the same AWS Region as that you specified at the Data Center
step of the wizard.
• The IAM role or IAM user that will be used for restore must have permissions to access the
KMS key.
107 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 7. Specify Instance Names
[This step is available if you have selected the Restore to a new location, or with different settings option at the
Restore Mode step of the wizard.]
At the Na me step of the wizard, you can specify a new name for each restored Amazon EC2 instance:
1. In the Ma chine list, select the necessary EC2 instances and click Na me.
a. If you have selected one EC2 instance, specify a name under which the EC2 instance will be restored.
b. If you have selected multiple EC2 instances, specify a prefix or suffix that will be added to the original
names. For this, select the necessary check box and type the text to be added.
108 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 8. Configure Network Settings
[This step is available if you have selected the Restore to a new location, or with different settings option at the
Restore Mode step of the wizard.]
At the Network step of the wizard, select Amazon VPCs, subnets and security groups to which restored EC2
instances will be connected:
1. In the Virtual private cloud list, select the necessary EC2 instances and click Customize.
2. From the Ama zon VPC drop-down list, select an Amazon VPC where the restored EC2 instances will be
launched.
For an Amazon VPC to be displayed in the drop-down list, it must be created in advance as described in
the Working with VPCs and subnets section in the AWS documentation.
3. From the Sub net drop-down list, select a subnet where the restored EC2 instances will reside.
For a subnet to be displayed in the drop-down list, it must be created in advance as described in the
Working with VPCs and subnets section in the AWS documentation.
4. From the Security group drop-down list, select a security group that will be associated with the restored
instances.
For a security group to be displayed in the drop-down list, it must be created in advance as described in
the Working with security groups section in the AWS documentation.
5. From the P ub lic access drop-down list, select one of the following options:
o Select Do not assign if you want the selected instances to have only private IP addresses — that is, the
instances will be accessible only within the selected VPC.
o Select Assign if you want the instances to have public IP addresses in addition to private IP addresses
— that is, the instances will be accessible from the internet.
109 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
NOTE
To allow public access to an EC2 instance, the security group of the instance must allow public
access.
110 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 9. Specify Restore Reason
At the Rea son step of the wizard, specify a reason for restoring Amazon EC2 instances. The information you
provide will be saved in the session history and you can reference it later.
111 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 10. Finish Working with Wizard
At the Summary step of the wizard, review the configured restore settings and click Finish.
If you want to start EC2 instances right after restore, select the P ower on target VM after restoring check box.
112 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Restoring Amazon RDS Instances
Veeam Backup & Replication allows you to restore Amazon RDS instances from cloud -native snapshots. To
restore RDS instances, Veeam Backup & Replication invokes native AWS capabilities. For more information on
how RDS instance restore works, see the RDS Instance Restore section in the Veeam Backup for AWS User Guide.
113 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 1. Launch Restore to Amazon RDS Wizard
To launch the Restore to Amazon RDS wizard, do one of the following:
• On the Home tab, click Restore and select AW S. In the Restore window, select Ama zon RDS instance.
• Open the Home view. In the inventory pane, navigate to the Ba ckups > Snapshots node. In the working
area, expand the necessary backup policy, select RDS instances that you want to restore and click Ama zon
RDS on the ribbon. Alternatively, right-click one of the selected instances and select Restore to Amazon
RDS.
114 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 2. Select RDS Instances and Restore Points
At the RDS Instance step of the wizard, select Amazon RDS instances that you plan to restore and select a
restore point for each RDS instance:
2. In the Ba ckup Browser window, expand the necessary backup policy, select RDS insta nces and click Ad d .
3. By default, AWS Plug-in for Veeam Backup & Replication restores RDS instances to the latest state.
However, you can restore RDS instances to an earlier state:
a. In the RDS instance list, select the necessary RDS instance and click P oint.
b. In the Restore Points window, select the restore point from which you want to restore the instance
and click Ad d .
115 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 3. Choose Restore Mode
At the Restore Mode step of the wizard, choose whether you want to restore Amazon RDS instances to the
original or new location:
• To restore RDS instances with initial settings to the original AWS Region, select the Restore to the original
loca tion option. Note that the original RDS instance will be automatically powered off and removed from
Amazon RDS after the restore process completes successfully.
If you select this option, you will proceed directly to the Reason step of the wizard.
NOTE
The Restore to the original location option is disabled in the following cases:
• If the IAM role that you specify belongs to an account that differs from the account used to
perform RDS instance backup.
• If snapshots of RDS instances from which you restore are Amazon DB instance snapshots
created in AWS without using Veeam Backup for AWS.
• To restore RDS instances to a different AWS Region or with different settings, select the Restore to a new
loca tion, or with different settings option.
If you select this option, the Restore to Amazon RDS wizard will include additional steps for specifying the
target AWS Region and RDS instance settings.
116 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 4. Specify IAM Identity
At the Restore Mode step of the wizard, you can specify whether you want to use an already existing IAM role or
a one-time access key. The specified IAM identity defines the AWS account that will be used to restore Amazon
RDS instances.
a. At the Restore Mode step, click the P ick account to use link.
c. From the IAM role drop-down list, select the role that you want to use during restore.
For an IAM role to be displayed in the list of available roles, it must be created in advance on the
appliance. For more information on IAM roles, see the IAM Roles section in the Veeam Backup for AWS
User Guide.
• To restore RDS instances using a one-time access key of an IAM user, do the following:
a. At the Restore Mode step, click the P ick account to use link.
c. In the Access key field, specify an access key ID of the IAM user that you want to use during restore.
To be able to use an access key, you must create an IAM user access key (access key ID and access
secret key) in advance as described in the AWS documentation.
d. In the Secret key field, specify a secret access key of the IAM user.
Note that neither Veeam Backup & Replication nor Veeam Backup for AWS store one-time access keys in
the configuration databases.
117 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
IMP ORTANT
The IAM role and IAM user that you plan to use when restoring RDS instances must have permissions
described in this Veeam KB article.
118 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 5. Specify Datacenter Region
[This step is available if you have chosen to restore Amazon RDS instances to a new location or with different
settings.]
At the Da ta Center step of the wizard, select the geographical location of the datacenter where restored RDS
instances will reside.
If the selected location differs from the original location of the RDS instances, you will see a warning message
notifying that the locations do not match. Click Y es to acknowledge the warning. Otherwise, you will not be
able to proceed to the next step of the wizard.
119 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 6. Configure Instance Types and Encryption
[This step is available if you have selected the Restore to a new location, or with different settings option at the
Restore Mode step of the wizard.]
At the Instance Type step of the wizard, you can select the type for the restored instances, storage types and
choose whether EBS volumes of these RDS instances must be encrypted with KMS keys. For more information
on KMS keys, see the AWS KMS keys section in AWS documentation.
a. In the RDS instance list, select the necessary RDS instance and click Ty p e.
i. From the RDS instance type drop-down list, select the necessary instance type.
For more information on instance types, see the Amazon RDS Instance Types section in AWS
documentation.
ii. In the Disk type area, select the necessary storage type. If you select provisioned IOPS SSD
storage, also specify the desired IOPS rate.
For more information on storage types, see the Amazon RDS DB instance storage section in AWS
documentation.
a. In the RDS instance list, select the necessary RDS instance and click E ncryption.
▪ If you do not want to encrypt the RDS DB instance or want to apply the existing encryption
scheme, select the P reserve the original encryption settings option. Then click OK.
▪ If you want to encrypt the RDS DB instance, select the Use the following encryption password
option. From the list of available KMS keys, select the required KMS key. Then click OK.
120 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
IMP ORTANT
• KMS keys must be from the same AWS Region as that you specified at the Data Center
step of the wizard.
• The IAM role or IAM user that will be used for restore must have permissions to access the
KMS key.
121 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 7. Configure Parameter and Option Groups
[This step is available if you have selected the Restore to a new location, or with different settings option at the
Restore Mode step of the wizard.]
At the Instance Configuration step of the wizard, you can associate RDS instances with parameter and option
groups:
1. In the RDS instance list, select the necessary RDS instance and click E d it.
a. From the P a rameter group drop-down list, select the parameter group with database engine
configuration values that will be applied to the restored RDS instance.
For a parameter group to be displayed in the drop-down list, it must be created in advance as
described in the Creating a DB parameter group section in AWS documentation.
b. From the Op tion group drop-down list, select the option group with database configuration values
and security settings that will be applied to the restored RDS instance.
For an option group to be displayed in the drop-down list, it must be created in advance as described
in the Creating an option group section in AWS documentation.
c. Click OK.
NOTE
You can select only default Amazon parameter and option groups and those groups that are
compatible with the database engine and version of the original instance.
122 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 8. Specify Database Identifier
[This step is available if you have selected the Restore to a new location, or with different settings option at the
Restore Mode step of the wizard.]
At the Id entifier step of the wizard, you can change RDS instance identifiers and configure advanced settings
such as an amount of storage to allocate for your RDS instances, the backup retention period and so on:
1. To change an identifier, select the necessary RDS instance in the Da tabases list, and click Id entifier. In the
RDS Instance Identifier window, specify the identifier. Click OK.
NOTE
• An RDS instance identifier must be unique for each AWS Region within one AWS Account.
• The identifier can contain only lowercase Latin letters or hyphens, but cannot contain two
consecutive hyphens. You cannot use a hyphen as the last character of the identifier.
• The maximum length of the instance identifier is 63 characters.
For more information on limitations for RDS instance identifiers, see AWS Documentation.
2. To configure advanced settings, select the necessary RDS instance in the Da tabases list and click
Ad vanced. In the Ad vanced Settings window, select a setting that you want to change, and click E d it.
Then specify a value and click OK.
For more information on the settings for RDS instances, see the Settings for DB instances section in AWS
documentation.
123 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 9. Configure Network and Availability
Settings
[This step is available if you have selected the Restore to a new location, or with different settings option at the
Restore Mode step of the wizard.]
At the Network step of the wizard, configure availability settings and network settings such as Amazon VPCs,
subnet groups and security groups:
1. To configure network settings, in the RDS instance list, select the necessary RDS instances and click
Customize. In the Ama zon VPC window, do the following:
a. From the Ama zon VPC drop-down list, select a VPC where the restored RDS instances will be
launched.
For a VPC to be displayed in the drop-down list, it must be created in advance as described in the
Working with VPCs and subnets section in the AWS documentation.
b. From the Sub net group drop-down list, select a subnet group where the restored RDS instances will
reside.
For a subnet group to be displayed in the drop-down list, it must be created in advance as described
in the Working with VPCs and subnets section in the AWS documentation.
c. From the Security group drop-down list, select a security group that will be associated with the
restored instances.
For a security group to be displayed in the drop-down list, it must be created in advance as described
in the Working with security groups section in the AWS documentation.
d. In the Da tabase port field, specify a port number which can be used to access the RDS instances.
The port range for all engines must be 1150–65535. For SQL, the port range must be 1150–65535
except for 1234, 1434, 3260, 3343, 3389, 47001 and 49152–49156.
e. Click OK.
NOTE
You are able to select only those subnet groups and security groups that are created in the selected
Amazon VPC.
2. To configure availability settings, in the RDS instance list, select the necessary RDS instances and click
Ava ilability. In the Ava ilability Settings window, do the following:
a. From the P ub lic access drop-down list, select one of the following options:
▪ Select Disabled if you want the selected instances to have only private IP addresses — that is,
the instances will be accessible only within the selected VPC.
▪ Select Enabled if you want the instances to have public IP addresses in addition to private IP
addresses — that is, the instances will be accessible from the internet.
NOTE
To allow public access to an RDS instance, the security group of the instance must allow
public access.
b. From the Ava ilability type drop-down list, select one of the following options:
124 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
▪ Select Single zone if you want the restored RDS instances to run in a single availability zone.
Then select the necessary availability zone from the Ava ilability zone drop-down list. In the
drop-down list, you will see those availability zones in which subnets from the selected subnet
group reside.
▪ Select Multiple zone if you want the restored RDS instances to run in one availability zone and to
be replicated to another availability zone — that is, if you want the restored RDS instances to run
in a Multi-AZ deployment. For more information on the Multi-AZ deployment, see High
availability (Multi-AZ) for Amazon RDS.
NOTE
Multi-AZ deployment is not available for RDS instances running Microsoft SQL Server
Express or Microsoft SQL Server Web editions.
c. Click OK.
125 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 10. Specify Restore Reason
At the Rea son step of the wizard, specify a reason for restoring Amazon RDS instances. The information you
provide will be saved in the session history and you can reference it later.
126 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 11. Finish Working with Wizard
At the Summary step of the wizard, review the configured restore settings and click Finish.
127 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Restoring Entire EFS File Systems
Veeam Backup & Replication allows you to restore Amazon EFS file systems from cloud -native backups. To
restore an entire EFS file system, Veeam Backup & Replication invokes native AWS capabilities. For more
information on how EFS restore works, see the Performing Entire File System Restore section in the Veeam
Backup for AWS User Guide.
128 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 1. Launch Restore to Amazon EFS Wizard
To launch the Restore to Amazon EFS wizard, do one of the following:
• On the Home tab, click Restore > AW S. In the Restore window, select Ama zon EFS.
• Open the Home view. In the inventory pane, navigate to the Ba ckups > Snapshots node. In the working
area, expand the necessary backup policy, select EFS file system that you want to restore and click
Ama zon EFS on the ribbon. Alternatively, right-click one of the selected file systems and select Restore to
Ama zon EFS.
129 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 2. Select File Systems and Restore Points
At the E FS File System step of the wizard, select Amazon EFS file systems that you plan to restore and select a
restore point for each file system:
2. In the Ba ckup Browser window, expand the necessary backup policy, select the necessary file systems and
click Ad d .
3. By default, AWS Plug-in for Veeam Backup & Replication restores EFS file systems to the latest state.
However, you can restore file systems to an earlier state:
a. In the E FS file system list, select the necessary EFS file system and click P oint.
b. In the Restore Points window, select the restore point from which you want to restore the file system
and click Ad d .
130 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 3. Choose Restore Mode
At the Restore Mode step of the wizard, choose whether you want to restore Amazon EFS file systems to the
original or new location:
• To restore EFS file systems with initial settings to the original AWS Region, select the Restore to the
original location option.
If you select this option, you will proceed directly to the Reason step of the wizard.
NOTE
• The original EFS file system will be removed after the restore process completes successfully.
• The restored file systems will not be mounted to any EC2 instances even if the original file
systems were mounted.
• To restore EFS file systems to a different AWS Region or with different settings, select the Restore to a
new location, or with different settings option.
If you select this option, the Restore to Amazon EFS wizard will include additional steps for specifying the
target AWS Region and file system settings.
131 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 4. Specify IAM Identity
At the Restore Mode step of the wizard, you can specify whether you want to use an already existing IAM role or
a one-time access key. The specified IAM identity defines the AWS account that will be used to restore Amazon
EFS file systems.
a. At the Restore Mode step, click the P ick account to use link.
c. From the IAM role drop-down list, select the role that you want to use during restore.
For an IAM role to be displayed in the list of available roles, it must be created in advance on the
appliance. For more information on IAM roles, see the IAM Roles section in the Veeam Backup for AWS
User Guide.
• To restore EFS file systems using a one-time access key of an IAM user, do the following:
a. At the Restore Mode step, click the P ick account to use link.
c. In the Access key field, specify an access key ID of the IAM user that you want to use during restore.
To be able to use an access key, you must create an IAM user access key (access key ID and access
secret key) in advance as described in the AWS documentation.
d. In the Secret key field, specify a secret access key of the IAM user.
Note that neither Veeam Backup & Replication nor Veeam Backup for AWS store one-time access keys in
the configuration databases.
132 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
IMP ORTANT
• The IAM role or IAM user that you plan to use when restoring EC2 instances must have permissions
described in this Veeam KB article.
• Cross-account restore is not supported. Make sure, that the specified IAM role or one-time access
keys belong to an AWS account where the source file system resides.
133 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Step 5. Specify Datacenter Region
[This step is available if you have chosen to restore Amazon EFS file systems to a new location or with different
settings.]
At the Da ta Center step of the wizard, select the geographical location of the datacenter where restored EFS file
systems will reside.
If the selected location differs from the original location of the EFS file systems, you will see a warning message
notifying that the locations do not match. Click Y es to acknowledge the warning. Otherwise, you will not be
able to proceed to the next step of the wizard.
134 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 6. Configure Performance Modes and
Encryption
[This step is available if you have chosen to restore Amazon EFS file systems to a new location or with different
settings.]
At the E FS Configuration step of the wizard, you can select a storage class, performance mode, availability zone
and choose whether the restored EFS file systems must be encrypted with KMS keys. For more information on
KMS keys, see the AWS KMS keys section in AWS documentation.
1. To specify a storage class, performance mode and availability zone, do the following:
a. In the E FS file system list, select the necessary EFS file system and click Red undancy.
i. From the Storage class redundancy drop-down list, select the necessary storage class. If you
want to store the restored file system data redundantly across multiple availability zones, select
Regional. If you want to store the restored file system data red undantly within a single
availability zone, select One Zone.
For more information on storage classes, see the Storage classes and lifecycle management
section in AWS documentation.
ii. From the P erformance mode drop-down list, select the necessary performance mode. Note that
for the One Zone storage class, only the General Purpose performance mode can be used.
For more information on performance modes, see the Performance modes section in AWS
documentation.
iii. [For One Zone storage class] From the Ava ilability zone drop-down list, select an availability
zone where the file system will be stored.
a. In the E FS file system list, select the necessary file system and click E ncryption.
▪ If you do not want to encrypt the file system instance or want to apply the existing encryption
scheme, select the P reserve the original encryption settings option. Then click OK.
▪ If you want to encrypt the file system, select the Use the following encryption password option.
From the list of available KMS keys, select the required KMS key. Then click OK.
135 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
IMP ORTANT
• KMS keys must be from the same AWS Region as that you specified at the Data Center
step of the wizard.
• The IAM role or IAM user that will be used for restore must have permissions to access the
KMS key.
136 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 7. Specify File System Names
[This step is available if you have chosen to restore Amazon EFS file systems to a new location or with different
settings.]
At the Na me step of the wizard, you can specify a name for each restored EFS file system:
1. In the E FS file system list, select the necessary file systems and click Na me.
a. If you have selected one file system, specify a name under which the file system will be restored.
b. If you have selected multiple file systems, specify a prefix or suffix that will be added to the original
names. For this, select the necessary check box and type the text to be added.
137 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Step 8. Configure Network Settings
[This step is available if you have chosen to restore Amazon EFS file systems to a new location or with different
settings.]
At the Network step of the wizard, configure Amazon VPC and mount targets for the file systems. Mount target
settings are the following: subnets, security groups and IP address types. For more information on mount
targets, see the Managing file system network accessibility section in AWS documentation.
1. To specify a VPC, select the necessary file system in the E FS file system list and click VP C . In the Ama zon
VP C window, select the VPC.
2. To configure mount target settings for the selected availability zones, do the following :
a. In the E FS file system list, select the necessary file system and click Ta rget.
b. In the Mount Target window, select an availability zone for which you want to configure mount target
settings and click E d it.
TIP
If you have selected Regional storage class at the EFS Configuration step of the wizard, you can
configure one mount target.
i. From the Sub net group drop-down list, select a subnet where the mount point will reside.
For a subnet group to be displayed in the drop-down list, it must be created in advance as
described in the Work with VPCs and subnets section in the AWS documentation.
ii. From the Security group drop-down list, select a security group that will be associated with the
mount target.
For a security group to be displayed in the drop-down list, it must be created in advance as
described in the Work with security groups section in the AWS documentation.
138 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
iii. In the IP address type area, select the type of an IP address for the mount target.
139 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 9. Specify Restore Reason
At the Rea son step of the wizard, specify a reason for restoring Amazon EFS file systems. The information you
provide will be saved in the session history and you can reference it later.
140 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Step 10. Finish Working with Wizard
At the Summary step of the wizard, review the configured restore settings and click Finish.
141 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Restoring EFS Files and Folders
Veeam Backup & Replication allows you to launch restore of files a nd folders for EFS file systems. Restore is
performed from cloud-native backups as described Performing File-Level Restore section in Veeam Backup for
AWS User Guide. If you want to restore the entire file system, see Restoring Entire EFS File Systems.
1. Launch the E FS File-Level Recovery wizard. To do that, open the Home view and navigate to the Ba ckups
> Sna pshots node in the inventory pane. In the working area, select the EFS files system for which you
want to restore files and folders. On the ribbon, click Ama zon EFS file.
2. Complete the wizard as described in the Performing File-Level Restore section in the Veeam Backup for
AWS User Guide.
142 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Restoring Amazon VPC Configurations
Veeam Backup & Replication allows you to restore an entire VPC configuration from a backup. For more
information on how entire VPC configuration restore works, see Performing Entire Configuration Restore section
in Veeam Backup for AWS User Guide.
1. Launch the VP C Restore wizard. To do that, open the Home view and navigate to the Ba ckups > E xternal
Rep ository node in the inventory pane. In the working area, select the AWS Region for which you want to
restore the VPC configuration. On the ribbon, click Ama zon VPC.
2. Complete the wizard as described in the VPC Configuration Restore section in the Veeam Backup for AWS
User Guide.
143 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Performing Instant Recovery
Instant Recovery helps you immediately restore Amazon EC2 instances from image-level backups to VMware
vSphere or Hyper-V environment.
For more information on Instant Recovery to VMware vSphere, see the Instant Recovery section in the Veeam
Backup & Replication User Guide for VMware vSphere. For more information on Instant Recovery to Hyper-V,
see the Instant Recovery section in the Veeam Backup & Replication User Guide for Microsoft Hyper -V.
1. Check that you have added to the backup infrastructure a vCenter Server that will manage restored EC2
instances.
If you have not added the server, follow the instructions provided in the Adding VMware vSphere Servers
section in the Veeam Backup & Replication User Guide.
To do that, in the inventory pane, navigate to the Ba ckups > E x ternal Repository node. In the working
area, expand the necessary job, and select backups of EC2 instances that you want to recover. On the
ribbon, click Instant Recovery > VMware vSphere. Then follow the instructions provided in the Performing
Instant Recovery of Workloads to VMware vSphere VMs section in the Veeam Backup & Replication User
Guide.
NOTE
When you perform Instant Recovery to VMware vSphere environment for EC2 instances, you will not
be able to choose a restore mode and configure a helper appliance.
144 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Instant Recovery to Hyper-V
To perform Instant Recovery to Hyper-V environment, do the following:
1. Check that you have added to the backup infrastructure a Microsoft Hyper -V server to which you plan to
restore EC2 instances.
If you have not added a Microsoft Hyper-V server follow the instructions provided in the Adding Microsoft
Hyper-V Servers section in the Veeam Backup & Replication User Guide.
2. Launch and complete the Instant Recovery to Hyper-V wizard as described in Performing Instant Recovery
of Workloads to Hyper-V VMs section in the Veeam Backup & Replication User Guide.
NOTE
When you perform Instant Recovery to Microsoft Hyper-V environment for EC2 instances, you will
not be able to choose a recovery mode.
145 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Restoring to Microsoft Azure
Veeam Backup & Replication allows you to restore Amazon EC2 instances from image -level backups created
with Veeam Backup for AWS to Microsoft Azure. You can restore EC2 instances to any available restore point.
For more information on restoring EC2 instances to Microsoft Azure, see the Restore to Microsoft Azure section
in the Veeam Backup & Replication User Guide.
1. Configure initial settings of the Azure account or Azure Stack accounts as described in the Configuring
Initial Settings section in the Veeam Backup & Replication User Guide.
2. Check limitations and prerequisites listed in the Veeam Backup & Replication User Guide.
To do that, open the Home view and navigate to the Ba ckups > E x ternal Repository node in the inventory
pane. In the working area, select EC2 instances that you want to restore. On the ribbon, click Microsoft
Azure Iaas. Then follow the instructions provided in the Restoring Machines section in the Veeam Backup
& Replication User Guide.
146 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Restoring to Nutanix AHV
Veeam Backup & Replication allows you to restore Amazon EC2 instances from image -level backups created
with Veeam Backup for AWS to Nutanix AHV clusters. You can restore EC2 instances to any available restore
point.
1. Check that you have configured the backup infrastructure required for Veeam Backup for Nutanix AHV as
described in the Deployment section in the Veeam Backup for Nutanix AHV User Guide.
2. Make sure that backups of the necessary EC2 instances are in an on-premises repository. If you have not
copied the backup beforehand, follow the instructions from the Creating Backup Copy Jobs for VMs and
Physical Machines section in the Veeam Backup & Replication User Guide.
To restore EC2 instances from backups stored in the archive tier of a scale-out backup repository, you do
not need to copy backups to on-premises repositories. However, you must retrieve data as described in
the Retrieving Backup Files section in the Veeam Backup & Replication User Guide.
To do that, open the Home view after Veeam Backup & Replication finishes copying backups. In the
inventory pane, navigate to the Ba ckups > Disk (Copy) node. In the working area, expand the necessary
job, and select backups of EC2 instances that you want to recover. On the ribbon, in the Restore to AHV
section, click E ntire VM. Then follow the instructions provided in the Restoring VMs Using Veeam Backup
& Replication Console section in the Veeam Backup for Nutanix AHV User Guide.
147 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Restore to Google Compute Engine
Veeam Backup & Replication allows you to restore Amazon EC2 instances from image -level backups created
with Veeam Backup for AWS to Google Compute Engine (GCE). You can restore EC2 instances to any available
restore point. For more information on restoring EC2 instances to GCE, see the Restore to Google Compute
Engine section in the Veeam Backup & Replication User Guide.
1. Check limitations and prerequisites listed in the Veeam Backup & Replication User Guide.
To do that, open the Home view and navigate to the Ba ckups > E x ternal Repository node in the inventory
pane. In the working area, select EC2 instances that you want to restore. On the ribbon, click Goog le CE.
Then follow the instructions provided in the Restoring Machines section in the Veeam Backup &
Replication User Guide.
148 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Exporting Disks
Veeam Backup & Replication allows you to restore disks of Amazon EC2 instances from backups created with
Veeam Backup for AWS. You can restore disks in the VMDK, VHD or VHDX format. For more information on EC2
Instance Disks Export, see the EC2 Instance Disks Export section in the Veeam Backup & Replication User Guide.
To restore disks of Amazon EC2 instances and convert them to the VMDK, VHD or VHDX format:
1. Launch the E x p ort Disk wizard. To do that, open the Home view. In the inventory pane, navigate to
Ba ckups > E xternal Repository. In the working area, select EC2 instances whose disk you want to export.
On the ribbon, click E x port Disks.
2. Complete the wizard as described in the Exporting Disks section in the Veeam Backup & Replication User
Guide.
149 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Restoring Guest OS Files
You can restore individual guest OS files and folders from image-level backups of an Amazon EC2 instance.
When restoring guest OS files, you do not need to extract image-level backups of EC2 instances to a staging
location, or start EC2 instances prior to a restore. You can restore files and folders directly from image-level
backups. For more information on guest OS file recovery, see the Guest OS File Recovery section in the Veeam
Backup & Replication User Guide.
You can restore files from different guest OS file systems using the following methods.
1. Check limitations and prerequisites listed in the Veeam Backup & Replication User Guide.
To do that, open the Home view and navigate to Ba ckups > External Repository. In the working area,
select a VM whose files you want to restore. On the ribbon, click Guest Files (Windows). Then follow the
instructions provided in the Restoring VM Guest OS Files (FAT, NTFS or ReFS) section in the Veeam Backup
& Replication User Guide.
1. Check limitations and prerequisites listed in the Veeam Backup & Replication User Guide.
To do that, open the Home view and navigate to Ba ckups > E xternal Repository. In the working area,
select a VM whose files you want to restore. On the ribbon, click Guest Files (Other). Then follow the
instructions provided in the Restoring VM Guest OS Files (Multi-OS) section in the Veeam Backup &
Replication User Guide.
150 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Restoring from Other File Systems
You can restore file systems other than those listed in the File-Level Restore section in the Veeam Backup &
Replication User Guide. For this purpose, use the Instant Recovery technology. To learn how to restore guest OS
files from other file systems, see the Restore from Other File Systems section from the User Guide for Microsoft
Hyper-V.
151 | V eeam Backup & Replication | Integration with Veeam Backup for AWS Guide
Restoring Application Items
Veeam Backup & Replication provides auxiliary tools called Veeam Explorers that allow you to restore
application items directly from image-level backups of Amazon EC2 instances. These backups must be created
with the enabled application-aware processing option.
• Microsoft Exchange
• Microsoft SharePoint
• Oracle Database
1. Launch the restore wizard. To do that, open the Home view. In the inventory pane, navigate to Ba ckups >
E x ternal Repository. In the working area, select the necessary backup of an EC2 instance, click Ap p lication
Items on the ribbon and select the necessary application.
2. Complete the restore wizard. To extract the application databases from the backup and open it in the
Veeam Explorer, perform the following steps:
a. At the Restore P oint step of the wizard, select a restore point from which you want to restore
application items.
b. At the Rea son step of the wizard, enter the information on the restore reason for future reference.
c. At the Summary step of the wizard, review the information on the EC2 instance whose application
items you want to restore.
Veeam Backup & Replication will open the Veeam Explorer console to select the application that will allow you
to restore application items from the selected backup or snapshot.
152 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
IMP ORTANT
• To be able to restore application items in the Veeam Explorer console, you must manually attach the
database that you want to restore. For details on working with Veeam Explorers, see Veeam
Explorers User Guide.
• The backup from which you want to restore must be application consistent. For details and
requirements of the application-consistent backups, see the Application-Aware Processing section in
the Veeam Backup for AWS User Guide.
153 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Viewing Statistics
AWS Plug-in for Veeam Backup & Replication allows you to view statistics on data recovery operations that
Veeam Backup & Replication perform to recover, restore and export Amazon EC2 instances. You can view the
information on the restore reason, the parameters of the restored instance, the logs of the restore session and
so on.
Veeam Backup & Replication provides information on the following recovery operations that are initiated from
Veeam Backup for AWS:
• Open the Home view, in the inventory pane select La st 24 hours. In the working area, double-click the
necessary restore session.
Select the session and click Sta tistics on the ribbon or right-click the session and select Sta tistics.
• Open the History view, in the inventory pane select Restore. In the working area, double-click the
necessary restore session.
Select the session and click Sta tistics on the ribbon or right-click the session and select Sta tistics.
The restore session window will display the following information on restore sessions:
• The top of the window will show general session statistics: a name of the machine whose data is restored,
the account under which the session was started, the session status and duration details.
• The Rea son tab will show the restore reason that was specified when running the restore.
• The P a rameters tab shows information about the restore point selected to restore the files.
154 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
• The Log tab shows a list of operations performed during the session.
155 | V eeam Backup & Replication | Integration with Veeam Backup for A WS Guide
Features and Plug-In Versions
The following table shows major features that were added in each version of AWS Plug -in for Veeam Backup &
Replication:
156 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide
Support Information
If you have any questions or issues with AWS Plug-in for Veeam Backup & Replication, Veeam Backup &
Replication or Veeam Backup for AWS, you can search for a resolution on Veeam R&D Forums or submit a
support case in the Veeam Customer Support Portal.
When you submit a support case, we recommend you provide information on the installed products to the
Veeam Customer Support Team. Product logs contain this information.
1. From the main menu of the Veeam Backup & Replication console, select Help > Support Information.
2. At the Scop e step of the E x port Logs wizard, select E x port all logs for selected components.
3. In the Ma naged servers list, select the Veeam Backup & Replication server, Veeam Backup for AWS
appliances and other components for which you want to export logs.
4. Complete the wizard as described in the Export Logs section in the Veeam Backup & Replication User
Guide.
157 | V eeam Backup & Replication | Integration with V eeam Backup for AWS Guide