How to implement Druva DRaaS solution in AWS
Overview
While implementing the Druva DRaaS solution, you need to create certain resources in AWS. You can choose to configure your DR site in a public subnet or a private subnet.
You first need to deploy a Druva AWS proxy. For information, see Register Phoenix AWS Proxy.
After the AWS proxy is deployed, configure your AWS environment according to the subnet type.
Configurations to be done in the target VPC
The following configurations must be done in the target VPC, that is, the DR site where the failover would be performed.
Configuration for Public subnet
For a public subnet, ensure the following:
- The subnet that you specified for the DR failover has internet access. This subnet is specified under DR plan > Network Mappings.
To verify that the subnet has internet access, go to the AWS console > VPC > Subnet and check whether the route table is attached to an internet gateway.
OR
You can also try to ping the S3 URL (s3-<region>.amazonaws.com) and the SQS URL (sqs.<region>.amazonaws.com) from an instance in the same subnet.
For example:
s3-us-east-1.amazonaws.com
sqs.us-east-1.amazonaws.com
- Auto-Assign IP address is set to Auto-Assign. To verify, go to DR Plan > Virtual Machines > VM Failover Settings > Network settings.
Configuration for Private subnet
For a private subnet ensure the following:
S3 endpoint is created:
To create the S3 endpoint, go to the target VPC, open Endpoints, and create an endpoint:
- Click on Create Endpoint.
- Select AWS services as Service Category.
- In the Service Name field search for S3 and you will find the service name.
- From the VPC dropdown list, select the VPC.
- From the Configure route tables list select the route table.
SQS endpoint is created:
To create the SQS endpoint, go to the target VPC, open Endpoints, and create an endpoint:
- Click on Create Endpoint.
- Select AWS services as Service Category.
- In the Service Name field search for SQS and you will find the service name.
- Select the VPC and choose the appropriate Subnet.
For more information, see Create SQS endpoint for private subnets if sqs is not accessible.
- Also, if you have a dedicated Security Group, ensure the following for the inbound rules in the security group.

| Inbound Source | Type | Protocol | Port Range |
|---|---|---|---|
| 0.0.0.0/0 | SSH | TCP | 22 |
| 0.0.0.0/0 | HTTPS | TCP | 443 |

By default, all outgoing traffic is allowed. Customers can specify their own settings.
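
The subnet, endpoint and security group prerequisites above can be checked offline against saved AWS CLI output. This is an added example, not Druva's code: it assumes JSON in the shape returned by `aws ec2 describe-route-tables`, `describe-vpc-endpoints` and `describe-security-groups`, and every resource ID in it is a constructed sample value.

```python
# Added example: check saved AWS CLI JSON against the DR-site prerequisites.
# Every ID below is a constructed sample value, not output from a real account.

def has_igw_route(route_tables, subnet_id):
    """Public subnet: its route table (or the VPC main table) routes via an igw."""
    tables = route_tables["RouteTables"]
    chosen = [t for t in tables
              if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", []))]
    if not chosen:  # no explicit association: the subnet uses the main route table
        chosen = [t for t in tables
                  if any(a.get("Main") for a in t.get("Associations", []))]
    return any((r.get("GatewayId") or "").startswith("igw-")
               for t in chosen for r in t.get("Routes", []))

def missing_endpoints(vpc_endpoints, region):
    """Private subnet: list which of the S3 and SQS endpoints are not available."""
    ready = {e["ServiceName"] for e in vpc_endpoints["VpcEndpoints"]
             if e.get("State", "").lower() == "available"}
    return [s for s in ("s3", "sqs") if f"com.amazonaws.{region}.{s}" not in ready]

def inbound_sources(security_groups, port):
    """Return the IPv4 CIDRs allowed to reach a TCP port in the given groups."""
    cidrs = set()
    for group in security_groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            in_range = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
            if proto == "-1" or (proto == "tcp" and in_range):
                cidrs.update(r["CidrIp"] for r in perm.get("IpRanges", []))
    return cidrs

# Constructed samples in the shape of `aws ec2 describe-route-tables`,
# `describe-vpc-endpoints` and `describe-security-groups` output.
ROUTES = {"RouteTables": [
    {"Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}]}
ENDPOINTS = {"VpcEndpoints": [
    {"ServiceName": "com.amazonaws.us-east-1.s3", "State": "available"}]}
GROUPS = {"SecurityGroups": [{"GroupId": "sg-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}

if __name__ == "__main__":
    print("public subnet has igw route:", has_igw_route(ROUTES, "subnet-public"))
    print("private subnet missing endpoints:", missing_endpoints(ENDPOINTS, "us-east-1"))
    for port in (22, 443):
        print(f"tcp/{port} allowed from:", sorted(inbound_sources(GROUPS, port)) or "nobody")
```

`inbound_sources` returns the CIDRs that can reach each port, so the result can be compared directly with the Inbound Source column in the table above.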