Druva Documentation

AWS PrivateLink integration with File Servers, NAS, SQL, and Oracle DTC servers

Phoenix Editions: Business (✓) | Enterprise (✗) | Elite (✓)

Overview

If you deploy a File Server, NAS, SQL Server or Oracle DTC server in an AWS EC2 instance, you can use AWS PrivateLink for communication between your server and Druva Cloud. This article describes the changes you need to make in your AWS infrastructure to use AWS PrivateLink instead of the internet for communication with Druva Cloud.

Step 1: Create VPC endpoints
Step 2: Add Route 53 DNS records

Step 1: Create VPC endpoints

Create VPC endpoints for the following services:

VPC endpoint for the backup service

  1. Copy the Druva backup service name that corresponds to the region where you've deployed the EC2 instance for your file server, NAS, MS SQL Server, or Oracle DTC server from the following table:

     Region           Druva backup service name
     ap-south-1       com.amazonaws.vpce.ap-south-1.vpce-svc-018246eb6465a0732
     ap-east-1        com.amazonaws.vpce.ap-east-1.vpce-svc-0ca7ac8221c563a68
     us-east-1        com.amazonaws.vpce.us-east-1.vpce-svc-0a9aa0b682d3a980d
     ap-northeast-1   com.amazonaws.vpce.ap-northeast-1.vpce-svc-040be8f24b45eaf82
     eu-west-1        com.amazonaws.vpce.eu-west-1.vpce-svc-0107991f549b4b600
     ap-southeast-1   com.amazonaws.vpce.ap-southeast-1.vpce-svc-07babd8b6998f4a47
     ca-central-1     com.amazonaws.vpce.ca-central-1.vpce-svc-0f00d5cda0c16b14d
     ap-southeast-2   com.amazonaws.vpce.ap-southeast-2.vpce-svc-055b8fc235e64c402
     us-west-2        com.amazonaws.vpce.us-west-2.vpce-svc-07023e0ed04c643fe
     eu-north-1       com.amazonaws.vpce.eu-north-1.vpce-svc-0c7c6031bcbc8cdfa
     us-gov-west-1    com.amazonaws.vpce.us-gov-west-1.vpce-svc-03c28740ddbae131f
     us-west-1        com.amazonaws.vpce.us-west-1.vpce-svc-05274b103d6b1c796
     eu-central-1     com.amazonaws.vpce.eu-central-1.vpce-svc-06a20c5470ce8207a
     sa-east-1        com.amazonaws.vpce.sa-east-1.vpce-svc-02eaa75795ee6efc3
     eu-west-2        com.amazonaws.vpce.eu-west-2.vpce-svc-04758dcfbe68314ca
     eu-west-3        com.amazonaws.vpce.eu-west-3.vpce-svc-02d8fa4171c9495a2

  2. Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.
  3. From the search bar at the top, search for and navigate to the VPC service.

  4. In the navigation pane on the left, under VIRTUAL PRIVATE CLOUD, click Endpoints.

  5. On the Endpoints page, click Create Endpoint.

  6. On the Create Endpoint page, under the Service category click PrivateLink Ready partner services.

  7. In the Service Name field under Service settings, paste the service name that you copied in step 1. Click Verify service. 
  8. In the VPC dropdown, select the VPC that you want to use for the File server, NAS, MS SQL Server, or Oracle DTC server deployment. Ensure that the Druva service is available in the availability zone for the subnet that you intend to use. If the service is available in the availability zone, proceed with the endpoint creation for your EC2 deployment. Otherwise, repeat the verification for an alternate VPC and a different subnet where the Druva service is available in the Availability Zone.

  9. In the Security groups section, select a security group that allows HTTPS inbound and outbound for the entire VPC CIDR.

  10. On the Create Endpoint page, click Create endpoint.

Once the endpoint creation is successful, the endpoint details show DNS names populated successfully. Make a note of the first DNS name under the endpoint details.

VPC endpoint for the Druva node service

  1. Copy the Druva node service name that corresponds to the region where you've deployed the EC2 instance for your file server, NAS, MS SQL Server, or Oracle DTC server from the following table:
    Note: The n[0-20] signifies twenty Druva Node Service DNS records that need to be created corresponding to each Druva node service name. Example: n0-c990-phoenix.druva.com

     Region           Druva Node Service DNS Record        Druva node service name
     ap-south-1       n[0-20]-c990-phoenix.druva.com       com.amazonaws.vpce.ap-south-1.vpce-svc-03333ec23fcf16038
     ap-east-1        n[0-20]-c141-phoenix.druva.com       com.amazonaws.vpce.ap-east-1.vpce-svc-02c2a424447b6a3af
     us-east-1        n[0-20]-c5-phoenix.druva.com         com.amazonaws.vpce.us-east-1.vpce-svc-004506a70c2ac8caa,
                      n[0-20]-c51-phoenix.druva.com        com.amazonaws.vpce.us-east-1.vpce-svc-0db1bc45f4e65be4a,
                      n[0-20]-c52-phoenix.druva.com        com.amazonaws.vpce.us-east-1.vpce-svc-0baf4a72fee637303,
                      n[0-20]-c53-phoenix.druva.com        com.amazonaws.vpce.us-east-1.vpce-svc-0dcaf81a0bee114ea,
                      n[0-20]-c54-phoenix.druva.com        com.amazonaws.vpce.us-east-1.vpce-svc-0ad12abe6d0475cac
     ap-northeast-1   n[0-20]-c8-phoenix.druva.com         com.amazonaws.vpce.ap-northeast-1.vpce-svc-0848a06835bf96ea2
     eu-west-1        n[0-20]-c7-phoenix.druva.com         com.amazonaws.vpce.eu-west-1.vpce-svc-0af967b39240c25a6
     ap-southeast-1   n[0-20]-c9-phoenix.druva.com         com.amazonaws.vpce.ap-southeast-1.vpce-svc-0196a10e373490250
     ca-central-1     n[0-20]-c660-phoenix.druva.com       com.amazonaws.vpce.ca-central-1.vpce-svc-0488c9caf545cd93c
     ap-southeast-2   n[0-20]-c3-phoenix.druva.com         com.amazonaws.vpce.ap-southeast-2.vpce-svc-0872c09982b406228
     us-west-2        n[0-20]-c2-phoenix.druva.com         com.amazonaws.vpce.us-west-2.vpce-svc-0393b0e3e88b9663a
     eu-north-1       n[0-20]-c121-phoenix.druva.com       com.amazonaws.vpce.eu-north-1.vpce-svc-01701cd7b3403625d
     us-gov-west-1    n[0-20]-c6-govphoenix.druva.com      com.amazonaws.vpce.us-gov-west-1.vpce-svc-07e02f2d02f483f04
     us-west-1        n[0-20]-c6-phoenix.druva.com         com.amazonaws.vpce.us-west-1.vpce-svc-0c965c538a1b9c917
     eu-central-1     n[0-20]-c1-phoenix.druva.com         com.amazonaws.vpce.eu-central-1.vpce-svc-02de3b5571bd7165e
     sa-east-1        n[0-20]-c4-phoenix.druva.com         com.amazonaws.vpce.sa-east-1.vpce-svc-000c79ef4eaebf838
     eu-west-2        n[0-20]-c770-phoenix.druva.com       com.amazonaws.vpce.eu-west-2.vpce-svc-0dc0cc1cea80835ed
     eu-west-3        n[0-20]-c131-phoenix.druva.com       com.amazonaws.vpce.eu-west-3.vpce-svc-03966edd793e485d6

  2. Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.

  3. From the search bar at the top, search for and navigate to the VPC service.

  4. In the navigation pane on the left, under VIRTUAL PRIVATE CLOUD, click Endpoints.

  5. On the Endpoints page, click Create Endpoint.

  6. On the Create Endpoint page, under the Service category click PrivateLink Ready partner services.

  7. In the Service Name field under Service settings, paste the service name that you copied in step 1 of the VPC endpoint for the Druva node service. Click Verify service. 

  8. In the VPC dropdown, select the VPC that you want to use for the File server, NAS, MS SQL Server, or Oracle DTC server deployment. Ensure that the Druva service is available in the availability zone for the subnet that you intend to use. If the service is available in the availability zone, proceed with the endpoint creation for your EC2 deployment. Otherwise, repeat the verification for an alternate VPC and a different subnet where the Druva service is available in the Availability Zone.

  9. In the Security groups section, select a security group that allows HTTPS inbound and outbound for the entire VPC CIDR.

  10. On the Create Endpoint page, click Create endpoint.

Once the endpoint creation is successful, the endpoint details show DNS names populated successfully. Make a note of the first DNS name under the endpoint details.

VPC endpoint for the AWS S3 service

  1. On the Endpoints page, click Create Endpoint.

  2. On the Create Endpoint page, under the Service category select AWS services.

  3. In the Services section, in the search box, search for the S3 keyword and select a service with the type Gateway.

  4. In the VPC dropdown, select the VPC that you want to use for the File server, NAS, MS SQL Server, or Oracle DTC server deployment. 

  5. In the Route Tables section, select all route tables that belong to the selected VPC.

  6. In the Policy section, select Full Access.

  7. Click Create endpoint.

Once the endpoint creation is successful, the endpoint details show DNS names populated successfully. Make a note of the first DNS name under the endpoint details. 

Step 2: Add Route 53 DNS records

  1. Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.
  2. From the search bar at the top, search for and navigate to the Route 53 service.
  3. In the left pane, click Hosted zones.
  4. On the Hosted zones page, click Create hosted zone.
  5. Create a Private hosted zone for the domain druva.com. Select the region and VPC in which an EC2 instance for your File Server, NAS, MS SQL server, or Oracle DTC server is created. Perform the following tasks:

     Hosted zone configuration
       Domain name   druva.com
       Type          Private hosted zone
     VPC to associate with the hosted zone
       Region        Select the region in which your EC2 instance has been deployed.
       VPC ID        Select the VPC ID in which your EC2 instance has been created.

  6. Click Create hosted zone.

  7. Click the newly created private hosted zone.

  8. Click Create record with record name backup-<cloudname> and create the following DNS records:

     Record name                                          Value
     backup-phoenix.druva.com                             Backup Service VPC Endpoint DNS name
     notifier-phoenix.druva.com                           Backup Service VPC Endpoint DNS name
     nas-accelerator-notifier-phoenix.druva.com           Backup Service VPC Endpoint DNS name
       (for NAS only)
     deviceapigw-phoenix.druva.com                        Backup Service VPC Endpoint DNS name
     devicenotifier-phoenix.druva.com
     devicestore-phoenix.druva.com
       (for Oracle only)
     globalapis.druva.com (Phoenix Cloud)                 Backup Service VPC Endpoint DNS name
     globalgovapis.druva.com (GovCloud)
     Druva Node Service DNS Record (corresponding to      Node Service VPC Endpoint DNS name
       the region where the EC2 instance is deployed),
       for example n[0-20]-c5-phoenix.druva.com

     Note: The n[0-20] signifies twenty Druva Node Service DNS records that need to be created corresponding to each Druva node service name. Example: n0-c5-phoenix.druva.com

Creating a record

  1. Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.
  2. From the search bar at the top, search for and navigate to the Route 53 service.
  3. In the left pane, click Hosted zones.
  4. On the Hosted zones page, click the zone where you want to create a record and click Create record.
  5. On the Create record page, do the following:
    1. Enter the record name.
    2. In the Record type field, select A - Routes traffic to an IPv4 address and some AWS resources.
    3. Enable the Alias toggle button.
    4. In the Route traffic to field, select Alias to VPC endpoint, select the region and add the corresponding DNS name.
    5. In the Routing policy field, select Latency and the region.
    6. Enter the Record ID and click Create records.
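Repeating the Create record steps above for two backup-service names plus the twenty-odd node-service names is tedious by hand; the following added example (not Druva's or AWS's own code) builds the equivalent Route 53 change batch for `aws route53 change-resource-record-sets`. The endpoint DNS names and hosted zone IDs are constructed placeholders to replace with your own endpoint details, and the n[0-20] pattern is read here as n0 through n20 inclusive.

```python
import json

# Constructed placeholder endpoint values: replace with the first DNS name of each
# endpoint (endpoint details page) and its hosted zone ID, e.g. from
# `aws ec2 describe-vpc-endpoints --query 'VpcEndpoints[].DnsEntries[0]'`.
BACKUP_EP = {"DNSName": "vpce-EXAMPLE1.vpce-svc-EXAMPLE.us-east-1.vpce.amazonaws.com",
             "HostedZoneId": "ZEXAMPLEBACKUP"}
NODE_EP = {"DNSName": "vpce-EXAMPLE2.vpce-svc-EXAMPLE.us-east-1.vpce.amazonaws.com",
           "HostedZoneId": "ZEXAMPLENODE"}

# Records that every deployment points at the backup-service endpoint (table above);
# the NAS-only and Oracle-only names are passed in via extra_backup when needed.
BACKUP_RECORDS = ("backup-phoenix.druva.com", "notifier-phoenix.druva.com",
                  "globalapis.druva.com")

def node_record_names(cluster_suffix, lo=0, hi=20):
    """Expand the page's n[0-20]-<suffix> pattern; read here as n0 .. n20 inclusive."""
    return [f"n{i}-{cluster_suffix}" for i in range(lo, hi + 1)]

def alias_change(name, endpoint, region):
    """One UPSERT for an A record, Alias to VPC endpoint, latency routing in `region`."""
    return {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": name,
            "Type": "A",
            "SetIdentifier": f"{name}-{region}",  # the console's "Record ID"
            "Region": region,                      # latency routing policy
            "AliasTarget": {
                "HostedZoneId": endpoint["HostedZoneId"],
                "DNSName": endpoint["DNSName"],
                "EvaluateTargetHealth": False,
            },
        },
    }

def build_change_batch(region, backup_ep, node_ep, cluster_suffix, extra_backup=()):
    """Change batch for `aws route53 change-resource-record-sets --change-batch file://...`."""
    names = (*BACKUP_RECORDS, *extra_backup)
    changes = [alias_change(n, backup_ep, region) for n in names]
    changes += [alias_change(n, node_ep, region) for n in node_record_names(cluster_suffix)]
    return {"Comment": "Druva PrivateLink records", "Changes": changes}

if __name__ == "__main__":
    batch = build_change_batch("us-east-1", BACKUP_EP, NODE_EP, "c5-phoenix.druva.com",
                               extra_backup=("nas-accelerator-notifier-phoenix.druva.com",))
    print(json.dumps(batch, indent=2))
```

Apply the printed JSON against the private druva.com hosted zone created in step 5; for us-east-1, run the batch once per node-service cluster suffix (c5, c51, c52, c53, c54) with that cluster's endpoint.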

Verify if AWS PrivateLink is enabled

Perform the following tasks to determine if AWS PrivateLink is enabled for your AWS EC2 instance or not:

  1. On the Amazon EC2 instance for your File Server, NAS, SQL server, or Oracle DTC server, open the command prompt and issue the following command:
    nslookup backup-phoenix.druva.com
    The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the backup service.
  2. Issue the following command:
    nslookup notifier-phoenix.druva.com
    The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the backup service.

  3. Issue the following command:
    nslookup n[0-20]-c5-phoenix.druva.com
    Where n[0-20] is any one of the Druva Node service DNS record names. Example: n6-c5-phoenix.druva.com. The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the Druva node service.

If the IP addresses returned for all the steps match those configured for the VPC endpoints, the EC2 instance will use AWS PrivateLink for communication with the Druva Cloud.
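The three nslookup checks above can be run for every record at once from the EC2 instance; the following added example (not part of the Druva page) resolves each name with the instance's own resolver and passes a record only if every returned address is one of the endpoint interface IPs from the matching endpoint's Subnets tab. The endpoint IPs and VPC CIDR in the sample are constructed values to replace with your own.

```python
import ipaddress
import re
import socket

# Node-service records look like n<i>-c<cluster>-phoenix.druva.com (or -govphoenix for GovCloud).
NODE_RE = re.compile(r"^n\d+-c\d+-(gov)?phoenix\.druva\.com$")

def resolve(name):
    """IPv4 addresses the instance's own resolver returns for `name` (what nslookup shows)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:          # unresolvable name: treated as a failed check below
        return set()

def classify(name):
    """Which endpoint a record must resolve to: the node endpoint or the backup endpoint."""
    return "node" if NODE_RE.match(name) else "backup"

def check_privatelink(resolved, endpoint_ips, vpc_cidr):
    """
    resolved:     {record name: set of IPs returned by DNS}
    endpoint_ips: {"backup": {...}, "node": {...}}, the IPs shown on each endpoint's Subnets tab
    Returns {record name: bool}; a record passes only when it resolved to at least one IP and
    every IP is an interface of the right endpoint (and so lies inside the VPC CIDR).
    """
    net = ipaddress.ip_network(vpc_cidr)
    verdict = {}
    for name, ips in resolved.items():
        expected = endpoint_ips[classify(name)]
        verdict[name] = bool(ips) and all(
            ip in expected and ipaddress.ip_address(ip) in net for ip in ips)
    return verdict

def all_private(verdict):
    """True only if every checked record goes over PrivateLink."""
    return bool(verdict) and all(verdict.values())

if __name__ == "__main__":
    # Constructed sample values: replace with your endpoint interface IPs and VPC CIDR.
    endpoint_ips = {"backup": {"10.0.1.10", "10.0.2.10"}, "node": {"10.0.1.20", "10.0.2.20"}}
    names = ["backup-phoenix.druva.com", "notifier-phoenix.druva.com"]
    names += [f"n{i}-c5-phoenix.druva.com" for i in range(21)]
    verdict = check_privatelink({n: resolve(n) for n in names}, endpoint_ips, "10.0.0.0/16")
    for n, ok in verdict.items():
        print("PrivateLink" if ok else "NOT PrivateLink (public or unresolved)", n)
    print("all records private:", all_private(verdict))
```

A record that still resolves to a public Druva address, or to the wrong endpoint, is reported as NOT PrivateLink, which is the case the manual nslookup comparison is meant to catch.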