How to Backup and Recover an Amazon Virtual Private Cloud (VPC) with N2WS
By Tom Tasker, EMEA Storage Partner Solutions Architect
For many customers, an Amazon Virtual Private Cloud (VPC) forms the backbone of their deployments on Amazon Web Services (AWS).
The ability to launch AWS resources in a private virtual network gives you complete control over the customization of subnets, routing, internet access, and more.
The N2WS solution allows for the backup and restore of Amazon VPCs in the same region, cross-region, or cross-account for testing, cloning, or disaster recovery (DR).
N2WS Backup & Recovery
N2WS Backup & Recovery (formerly CPM) is built specifically for enterprise workloads that run on AWS. Using native Amazon Elastic Block Store (Amazon EBS) snapshots, N2WS is deployed as an Amazon Machine Image (AMI) inside of a customer’s AWS account.
N2WS defines three core areas of configuration for simple backup management—Backup Schedules, Backup Policies, and Backup Targets.
Backup Schedules: Determines the frequency at which backups are taken, most commonly the start time and date and any days for backup exclusion.
Figure 1 – N2WS Schedule configuration.
Backup Policies: Contains the Backup Schedule and Backup Targets. Additional parameters can be configured, such as:
- Frequency of backups.
- Number of backup generations to maintain.
- Whether to copy the backup data to other AWS Regions.
- Whether to back up a resource immediately.
Figure 2 – N2WS Policy configuration.
Backup Targets: Configured against a set of policies and schedules to match the customer’s backup requirements. The list below is an example of Backup Targets N2WS supports:
- Amazon Elastic Compute Cloud (Amazon EC2) instances
- Independent Amazon EBS volumes
- Amazon Relational Database Service (Amazon RDS) databases
- Amazon Aurora clusters
- Amazon Redshift clusters
- Amazon DynamoDB tables
- Amazon Elastic File System (Amazon EFS) file systems
- Amazon FSx for Windows File Server file systems
Figure 3 – N2WS Backup Targets configuration.
Once a Backup Schedule and Backup Policy are active, along with a Backup Target, backups of the AWS environment can happen immediately.
You can purchase the N2WS Backup & Recovery service through AWS Marketplace. Currently, four versions of the service are available and each builds on the prior to offer more functionality and services.
Features of the solution’s four versions include:
- Free: File-level recovery, cross-region DR, and DynamoDB backups.
- Standard: Combines the Free edition with application consistent backups, VPC backups, cross-account DR, and 24/7 support.
- Advanced: Identity provider integration, recovery orchestration and backup to Amazon Simple Storage Service (Amazon S3) and Amazon S3 Glacier.
- Enterprise: Offers the same features as Advanced but to a larger number of users, and access to third-party monitoring integrations.
AWS Marketplace allows for a prescriptive, consistent deployment of APN Partner solutions, including N2WS Backup & Recovery.
The N2WS server is an Amazon EC2 AMI and is deployed into a customer’s AWS account via the AWS Marketplace subscription.
The N2WS server is a Linux-based virtual machine that uses AWS APIs to access services such as Amazon EC2 and Amazon RDS within your account. The server does not require any direct access to the AWS resources or Amazon EC2 instances, and therefore does not interfere with active workloads.
If there’s a requirement for application consistent backups inside of the Amazon EC2 instance, a Thin Backup Agent can be installed.
The N2WS Backup & Recovery management server has three core parts:
- Database holding your backup-related metadata.
- Web/management server managing your metadata.
- Backup server that actually performs the backup operations.
Figure 5 – N2WS Backup & Recovery server architecture.
To access the N2WS admin portal, the public IP address is required and can be located on the AWS Console under the Amazon EC2 service. At this point, any changes made to the N2WS Amazon EC2 instance, and the ability to access it remotely, need to follow AWS security best practices.
When accessing the N2WS console for the first time, a series of initial configuration screens to establish security settings, product licensing, date, and time zones are presented. Once the configuration is complete, the N2WS server will refresh to the login screen for user login and access.
Backing Up an Amazon VPC
When logged into the N2WS console, select General Settings.
Next, expand the Capture VPC section. The VPC settings for the account are captured every six hours, and a Capture Now option is available for immediate configuration backup.
The Capture Log gives details of the previous capture events and changes picked up. The log can be downloaded in CSV format for further processing, if needed. An example log is shown below.
Cloning and Recovering an Amazon VPC
An Amazon VPC can be cloned or recovered, depending on the scenario, from the N2WS Accounts window. From there, the source VPC and destination region can be selected.
As of the current release, the cloning or restore process has some key features:
- Both cross-region and cross-account cloning are supported.
- The target clone can have a new name, which will automatically include ‘(cloned)’ at the end.
- During instance recovery and DR, clones may be optionally created in order to replicate a particular VPC environment before the actual instance recovery proceeds. The new instance has the environment of the cloned VPC and subsequently appears at the top of the target region and account list. A typical scenario might be to capture the VPC, clone the VPC for the first instance, and then apply the cloned VPC to additional instances in the Region or account.
- Instances recovered into a cloned VPC destination environment have new default entities, such as the VPC’s subnet definition and one or more security groups attached to the instance, regardless of the original default entities. Security groups can be changed during recovery.
When the Clone VPC action is initiated, the N2WS server will generate an AWS CloudFormation template using JSON. If this template is large (i.e. over 50KB in size), an additional window will be shown to upload the CloudFormation template to Amazon S3.
It’s important to note the CloudFormation template will not be deleted after the clone process has finished.
Upon completion of the cloning, a message is displayed indicating the status of the clone operation.
Investigation of the log file shows that only unsupported VPC cloning operations did not complete. The log file is downloadable in CSV format, with an extract below.
For a full list of the supported and unsupported features of VPC cloning, see the N2WS documentation.
The CloudFormation template can also be downloaded directly to form part of a Disaster Recovery Plan or DevOps Sandbox Environment. The CloudFormation template is available in the Amazon S3 bucket nominated above.
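Before a downloaded clone template goes into a DR plan or sandbox, it is worth checking its size and what its security groups expose. The following is an added example, not part of the original post or N2WS code: it reports whether a template exceeds CloudFormation's 51,200-byte inline limit (and so must be referenced from Amazon S3) and lists ingress rules open to any address. The function name and the sample template are constructed for illustration.

```python
import json
from collections import Counter

# CloudFormation accepts at most 51,200 bytes as an inline TemplateBody;
# larger templates have to be referenced from Amazon S3.
INLINE_LIMIT_BYTES = 51_200
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def review_template(template_text):
    """Summarise a VPC template and list ingress rules open to any address."""
    resources = json.loads(template_text).get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules = [props]  # standalone rule resource
        else:
            continue
        for rule in rules:
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            # Skip intrinsic functions such as {"Ref": ...}; only literals are judged.
            if isinstance(cidr, str) and cidr in OPEN_CIDRS:
                findings.append((name, rule.get("IpProtocol"),
                                 rule.get("FromPort"), rule.get("ToPort"), cidr))
    size = len(template_text.encode("utf-8"))
    return {
        "size_bytes": size,
        "needs_s3": size > INLINE_LIMIT_BYTES,
        "resource_types": dict(Counter(r.get("Type") for r in resources.values())),
        "open_ingress": findings,
    }

# Constructed sample template (hypothetical names, not N2WS output).
SAMPLE = json.dumps({"Resources": {
    "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "SubnetA": {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.1.0/24"}},
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/16"}]}},
    "AdminSsh": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}},
}})

if __name__ == "__main__":
    print(json.dumps(review_template(SAMPLE), indent=2))
```
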
Amazon VPCs are an essential part of any cloud-first networking strategy. Subnet and routing table configurations, along with security settings, are at risk from day-to-day operational errors.
N2WS offers a backup solution that takes the guesswork and manual labor out of backing up and recovering Amazon VPC configurations, with the ability to automatically restore across AWS Regions and accounts.
N2WS Backup & Recovery simplifies the backup and recovery of Amazon VPCs if they are edited incorrectly, deleted accidentally, or in the worst case lost to disaster.
Visit the N2WS website to learn more, schedule a demo, or start a free trial.
N2WS – APN Partner Spotlight
N2WS is an AWS Storage Competency Partner. They build leading backup, recovery and disaster recovery solutions purpose-built for AWS workloads.