Druva Documentation

How to implement Druva DRaaS solution in AWS

Overview

While implementing the Druva DRaaS solution, you need to create certain resources in AWS. You can choose to configure your DR site in a public subnet or a private subnet.

You first need to deploy a Druva AWS proxy. For information, see Register Phoenix AWS Proxy.

After the AWS proxy is deployed, configure your AWS environment according to the subnet type.

Configurations to be done in the target VPC

The following configurations must be done in the target VPC, that is, the DR site where the failover is performed.

Configuration for Public subnet

For a public subnet, ensure the following:

  • The subnet that you specified for the DR failover has internet access. This subnet is specified under DR plan > Network Mappings.

    To verify that the subnet has internet access, go to the AWS console > VPC > Subnet and check whether the subnet's route table has a route to an internet gateway.

    OR

    You can also try to ping the S3 URL (s3-<region>.amazonaws.com) and the SQS URL (sqs.<region>.amazonaws.com) from an instance in the same subnet.

    For example:
    s3-us-east-1.amazonaws.com
    sqs.us-east-1.amazonaws.com

  • Verify that the Auto-Assign IP address is set to Auto-Assign: go to DR Plan > Virtual Machines > VM Failover Settings > Network settings.

Configuration for Private subnet

For a private subnet ensure the following:

S3 endpoint is created

To create the S3 endpoint, go to the target VPC, open Endpoints, and create an endpoint.

  1. Click Create Endpoint.
  2. Select AWS services as the Service Category.
  3. In the Service Name field, search for S3 to find the service name.
  4. From the VPC dropdown list, select the VPC.
  5. From the Configure route tables list, select the route table.

SQS endpoint is created

To create the SQS endpoint, go to the target VPC, open Endpoints, and create an endpoint.

  1. Click Create Endpoint.
  2. Select AWS services as the Service Category.
  3. In the Service Name field, search for SQS to find the service name.
  4. Select the VPC and choose the appropriate Subnet.

For more information, see Create SQS endpoint for private subnets if SQS is not accessible.

  • If you have a dedicated Security Group, also ensure that its inbound rules are as follows:

    Inbound

    Source      Type    Protocol   Port Range
    0.0.0.0/0   SSH     TCP        22
    0.0.0.0/0   HTTPS   TCP        443

    By default, all outgoing traffic is allowed. Customers can specify their own settings.
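
The subnet checks described above (an internet gateway route for a public subnet, S3 and SQS endpoints for a private one) can be scripted. The following is an added example, not part of the Druva documentation. It evaluates data in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`, assumed to be filtered to the target VPC; the function names and sample IDs are constructed for illustration.

```python
# Added example with constructed data; inputs mirror AWS CLI output for the target VPC.
def route_table_for(route_tables, subnet_id):
    """Return the subnet's explicitly associated table, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_internet_gateway(rt):
    """True if the table has a default route that targets an internet gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               for r in rt.get("Routes", []))

def missing_prerequisites(route_tables, endpoints, subnet_id, region):
    """List what the failover subnet still lacks; an empty list means ready."""
    rt = route_table_for(route_tables, subnet_id)
    if rt is None:
        return ["route table"]
    if has_internet_gateway(rt):
        return []  # public subnet: S3 and SQS are reached over the internet
    live = [e for e in endpoints if e.get("State", "").lower() == "available"]
    missing = []
    # The S3 endpoint must be attached to this subnet's route table.
    if not any(e["ServiceName"] == f"com.amazonaws.{region}.s3"
               and rt["RouteTableId"] in e.get("RouteTableIds", []) for e in live):
        missing.append("S3 endpoint")
    # The SQS endpoint must exist in the same VPC as the subnet.
    if not any(e["ServiceName"] == f"com.amazonaws.{region}.sqs"
               and e.get("VpcId") == rt.get("VpcId") for e in live):
        missing.append("SQS endpoint")
    return missing

# Constructed sample: subnet-aaa is public; subnet-bbb uses the main table, S3 only.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-pub", "VpcId": "vpc-1",
     "Associations": [{"SubnetId": "subnet-aaa", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
ENDPOINTS = [{"ServiceName": "com.amazonaws.us-east-1.s3", "VpcId": "vpc-1",
              "State": "available", "RouteTableIds": ["rtb-main"]}]

if __name__ == "__main__":
    print(missing_prerequisites(ROUTE_TABLES, ENDPOINTS, "subnet-bbb", "us-east-1"))
```

A subnet with no explicit route table association is evaluated against the VPC main route table, which is the case the console check is most likely to miss.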