Configuring AWS Backup

Configuring AWS Backup

Step 1: Basic Job Details

Enter the following details;

Backup Job Name

Enter a name with which you want to identify this particular backup job.

Backup Option

Only EBS Snapshot Backup : By choosing this option you can backup your AWS EC2 Instances data only as EBS Snapshots.
EBS Snapshot backup with a backup copy to another location : Choosing this option will backup your AWS EC2 Instance data as EBS Snapshot and also have BDRSuite create a copy of backup and store it in another location which is the BDRSuite Backup Repository.

Backup Repository Type

Choose either the Block Storage Repository or the Object Storage Repository as per requirement

Backup Repository

Based on the previous selection, list of Backup Repositories will be listed and the required one can be selected.

Repository Name

Choose from the listed Backup Repository

Immutable Backups (Only for Object Storage)

You have the option to enable this feature by checking the box, which will secure your backups as immutable for a specific duration. The duration can be specified and you do it for up to 999 day(s). The duration set will be applied to this backup job, which you’ll configure in subsequent steps. When configuring other backup jobs, ensure to adjust the duration according to your needs.
Immutable backup in the BDRSuite Backup Server is a backup strategy or system you can use where once the data is backed up, it cannot be edited, deleted, or tampered with until a predefined time period expires that can be set up as shown below in the image representation. This approach adds an extra layer of protection to the backup data, making it resistant to ransomware attacks, accidental or malicious changes

Step 2: Instance Selection

In the Instance selection page, first select the required AWS Account and Region from the drop-down box and click on the List Instances option.
  1. All the EC2 instances available in the selected Account and Region will be listed. If you wish to change the Region or Account, use the same drop-down box to choose a different account/region and click on the List Instances option to view the updated list.
  2. In a particular backup job, only EC2 instances from the same account/region can be configured for backup. Backing up EC2 instances across different accounts or regions is not supported in this version.
Notes
Note: To perform application-aware processing (or) run pre/post scripts on EC2 instances, follow the Prerequisites to Install BDRSuite Guest Tools.
You can either select individual instances or all the instances at once by selecting the checkbox next to Name.
In the left pane, you will find the following types:
  1. Availability Zone– Lists all the AWS availability zones in the selected region.
  2. Platform Type– Lists the EC2 instances based on their OS – Windows or Linux.
  3. Status– Lists the instances based on whether they are protected or unprotected.
  4. Instance Type– Lists all the instances based on their instance type like t2.micro, t3.large, etc.
By default, all the filter checkboxes will be enabled. To backup instances based on a specific type, you can use these checkboxes to filter the required EC2 instances for backup. You can also use the Search box present near the List Instances button to search and select only the required instances for backup.

Step 3: Application-Aware Processing & Pre/Post Scripts

Prerequisites for Application-aware processing and Pre/Post Scripts in EC2 Instances

To perform application-aware processing (or) to run pre/post scripts, BDRSuite Backup Server will install, through AWS SSM Agent, Vembu Guest Tools in your EC2 instances. To enable BDRSuite Backup Server to automatically install the guest tools via AWS SSM Agent, follow the steps below:
Notes
Note: For Windows EC2 instances, Vembu Guest tools installation requires .NET Framework v3.5. Please make sure you have installed .NET Framework and then  follow the steps below.
Step 1: Attach IAM role to EC2 Instance
Follow the below steps;
  1. From the Amazon EC2 console, choose Instances from the EC2 Dashboard displayed on the left pane.
  2. Select the instances one by one for which application-aware processing or pre/post scripts have to be enabled and perform the following steps.
  3. Click on the Actions button and navigate to the Security -> Modify IAM Role page
  4. On the Modify IAM role page, select ‘AmazonSSMRoleForInstancesQuickSetup’ on the IAM role field, and click ‘Update IAM Role’.
If the above-mentioned IAM role is not present, you need to configure Systems Manager Agent (SSM Agent) in the Systems Manager service to enable the role.
Steps to configure SSM ROLE
  1. Navigate to the ‘Systems Manager’ page. You can use the search option to quickly locate it.
  2. Click ‘Quick Setup’ on the left pane.
  3. On the Host Management section, Click Create. You will be directed to the Customize Host Management Configuration options page.
  4. On the Targets section, Select the radio options: ‘Choose region’ and ‘All Instances’.
  5. On the Target Regions section, select the checkbox of the regions under which the instances are running for which you want to enable application-aware.
  6. Click Create button to complete the host configuration. This will create the required IAM role.
Notes
Note: The above steps are given as per the latest AWS user interface. If you are using old UI follow the steps given in the next page.
Step 2: Install SSM Agent
  1. After attaching the IAM role, SSM Agent needs to be installed on EC2 instances.
  2. SSM Agent is pre-installed in most Operating Systems. To check whether the SSM Agent was already installed, run the command specified in the documentation: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-status-and-restart. html
  3. If it’s not available, then manually install SSM in your EC2 instances by following the below documentation:
  1. For WINDOWS: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-win.html
  2. For LINUX: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html
Important Note for Pre/Post Scripts
  1. Pre/Post scripts have to be manually placed in the Vembu Guest Tools installation location mentioned below (Create the folder structure if not available) before scheduling a backup.
    1. Windows – C:\Program Files\Vembu\BackupForAWS\GuestTools\scripts
    2. Linux – /opt/GuestTools/scripts
  2. Naming conventions for pre/post scripts:
    1. The scripts which needs to be executed before the backup starts should be named as: before_<<backupjobname>>
    2. The scripts which needs to be executed after the backup ends should be named as: after_<<backupjobhome>>
Attach IAM role to EC2 Instance (OLD UI)
  1. From the Amazon EC2 console, choose Instances from the EC2 Dashboard displayed on the left pane.
  2. Select only the instances for which application-aware processing or pre/post scripts have to be enabled.
  3. Then click on Actions, choose Instance Settings, and select Attach/Replace IAM role.
  4. On the Attach/Replace IAM role page, select AmazonSSMRoleForInstancesQuickSetup on the IAM role field, and click Apply.

Steps to enable the Application-Aware Processing

When backing up instances with applications, there is a chance of data corruption while taking a snapshot as the application writers may not be stable. It is necessary that the application writers are in a stable state when the snapshot is taken, otherwise, the backup database will be corrupted, causing inconsistency during recovery.
  1. By enabling Application-Aware Processing, BDRSuite Backup for AWS ensures the application is prepared for backup by quiescing the application writers before the snapshot is taken so that an application-consistent backup is guaranteed. After the snapshot is taken, the applications resume normal operations in minimal time without affecting application performance.
  2. In BDRSuite Backup for AWS, to backup EC2 instances with application-aware processing, it is mandatory to install BDRSuite Integration Service (VIS) for AWS in the required target EC2 instances before configuring the backup job.
  3. To know more about downloading and installing VIS, go to the VIS Management section.
  4. After installing the VIS in the target instances and adding the instance details in the BDRSuite Backup Server, you can proceed with backup configuration by enabling the Application-Aware checkbox for the required Windows instances selected for backup.
  5. To apply Application-Aware Processing for all the instances listed for backup, enable the checkbox for the column header Application-Aware.
  6. In some cases, you may want to skip application-aware processing for certain volumes in the instances selected for backup. To exclude those volumes, enter the names of the volumes in the exclusion text box. You can add multiple volumes for exclusion by clicking on the comma key after each volume.

Steps to enable Pre/Post Script

Pre/Post Backup commands allow you to configure system-level actions that are to be executed before and after a backup process. Typically, you would run the pre-script before the backup job to move the application into Backup Mode by freezing the system for a short period of time during which the snapshot will be taken. And, the post-script will be used to release the frozen or locked system after the snapshot is taken to resume the full-scale normal operations.
  1. In BDRSuite Backup for AWS, to execute pre/post backup scripts, it is mandatory to install BDRSuite Integration Service in the required EC2 instances.
  2. To know more about downloading and installing VIS, go to the VIS Management section.
  3. After installing the VIS in the required EC2 instances and after adding the DNS/IP Address details of those instances in the BDRSuite Backup Server, you can save the pre/post scripts in the target instances.
  4. Create the scripts/batch files for the before and after operations and save them in this path – VIS_INSTALLATION_LOCATION/scripts.
  5. Save the backup scripts in the following format:
    1. Pre Backup Script file: before_BackupJobName.extension
      1. Example: before_TestBackup.bat
    2. Post-Backup Script file: after_BackupJobName.extension
      1. Example: after_TestBackup.sh
  6. Add the time-out limit for the scripts in the Pre/Post Scripts Timeout in the secs text box. If the time limit is exceeded and the script is not executed, the backup will fail.
  7. Click on Create Backup and a new window with backup configuration settings will appear.

Step 4: Scheduling

Backup Schedule

Set up the frequency of your backups by scheduling them at the required time. You can configure backup schedules in the following manner:
  1. Run Hourly – You can run backups on an hourly basis on specific days. By default, all the days in the week will be selected. If you don’t want to run the backup on all days, manually select the required days.
  2. Run Daily – Run backups every day at the specified time.
  3. Run Weekly – Run backups weekly on the required days at the specified time.
Select the Time Zone in which you want to run the backups. By default, Coordinated Universal Time (UTC) will be selected.

Advanced Settings

When a backup job fails, BDRSuite Backup for AWS will automatically retry the backup job. You can configure the retry settings by using the below options:
  1. Retry attempt on backup failure: Number of times BDRSuite Backup for AWS will retry the backup job.
  2. Wait time before every retry attempt: Number of minutes BDRSuite Backup for AWS will wait before retrying the backup job.

Step 5: Retention

Retention for Snapshots

During backup, BDRSuite Backup for AWS takes a snapshot of the target EC2 instances at the scheduled time using Amazon APIs. The snapshots are stored in the same AWS Account and Region of the target EC2 instances.
  1. Each time a snapshot is taken, it corresponds to a restore point (i.e.) a point-in-time from which the backed-up instance can be recovered. With BDRSuite Backup for AWS, you can retain up to 10 snapshots of each target EC2 instance that you backup.
  2. If you set a retention limit of 5 snapshots, then if the backup job is running for the 6th time in its schedule, the oldest snapshot will be deleted to retain only 5 latest snapshots of the target instance.

Retention for Incremental backup

If this option is disabled, all the restore points will be retained. If enabled, only the configured number of restore points will be retained.
The following two types of retentions are supported for AWS Backup in the BDRSuite Backup Server.
Basic Retention
Selecting the version based retention will let you enter the number of restore point version you would like to maintain
Selecting the time based retention will let you choose the number of days you want to retain the backup data and you can also enter the minimum number if versions that you want to retain.
GFS Retention
GFS with Full Backup: These will be created using the additional full backup and the synthetic full backup. You can manage weekly, monthly, quarterly or yearly retentions.
GFS with Incremental: These will be created using the incremental backups. With this option you can maintain daily, weekly, monthly, quarterly or yearly retentions.

Step 6: Review

Review all the selections made for the AWS backup configuration and if you want to run the backup job immediately, select the checkbox and proceed to click on Save.

    • Related Articles

    • Quick Start Guide for AWS Backup & Recovery

      About AWS Backup & Recovery BDRSuite offers backups for AWS EC2 instances, utilizing native snapshots for efficient backup and recovery. It supports incremental backups to optimize storage and bandwidth usage, with secure storage options across ...
    • Adding AWS Account for Backup

      Prerequisites to Add AWS Accounts It is necessary to Create & Attach a Policy to the User and set up Access Key ID & Secret access key as a prerequisite action to further proceed with adding the AWS Account. 1. Create & Attach Policy to User Create a ...
    • AWS EC2 Instance Backup and Recovery

      Overview BDRSuite's AWS Backup solution provides comprehensive protection for your AWS EC2 Instances and other critical workloads, ensuring secure backups and seamless recovery in case of accidental deletion, data corruption, or system failure. Watch ...
    • What is AWS Backup in BDRSuite?

      BDRSuite for AWS is a comprehensive and cost-effective backup and disaster recovery solution for Amazon Web Services (AWS) EC2 instances. BDRSuite offers features such as agentless backups, versioning, archiving, retention, and recovery services to ...
    • What is the pricing for AWS Backup?

      BDRSuite's AWS EC2 Instance backup pricing is $48 per VM/year. You can find detailed pricing information for BDRSuite here: BDRSuite Pricing. For a custom quote, please contact bdr-support@vembu.com