Skip to main content
druva_logo.pngDruva
|
Documentation

How can we help you?

 

Trending articles:
Druva Documentation

AWS Private Link migration of SQL servers to new deployment in APAC region

  1. Last updated
  2. Save as PDF
Phoenix Editions: File:/tick.png Business File:/cross.png Enterprise File:/tick.png Elite

 

Overview

This article is intended for customers in the APAC region who have deployed File Server, NAS, SQL Server, or Oracle DTC server in an AWS EC2 instance and use AWS PrivateLink for communication between the server and Druva Cloud. Starting February 18, 2023, you must upgrade the Druva components deployed in your AWS PrivateLink infrastructure to continue communication with the Druva Cloud.

You must make the following changes in your infrastructure before February 18, 2023:

Step 1: Create VPC Endpoints in the existing VPC

Create VPC endpoints for the following services:

VPC endpoint for the backup service in the existing VPC

  1. Copy the Druva backup service name that corresponds to the region where you've deployed the EC2 instance for your file server, NAS, MS SQL Server, or Oracle DTC server from the following table:
    Region Druva backup service name
    ap-south-1 com.amazonaws.vpce.ap-south-1.vpce-svc-038a1c15513474e92
    ap-east-1 com.amazonaws.vpce.ap-east-1.vpce-svc-0f01357d9e7b92a1
    us-east-1 com.amazonaws.vpce.us-east-1.vpce-svc-012c8b98c0d1960b0
    ap-northeast-1 com.amazonaws.vpce.ap-northeast-1.vpce-svc-02eb8e33ec1c0a659
    ap-southeast-1 com.amazonaws.vpce.ap-southeast-1.vpce-svc-01d760db310926437
    ap-southeast-2 com.amazonaws.vpce.ap-southeast-2.vpce-svc-0d0d50753809549ac
  2. Log in to the AWS Management Console. Ensure you are logged into the region you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.

  3. From the search bar at the top, search for and navigate to the VPC service.

  4. In the navigation pane on the left, under VIRTUAL PRIVATE CLOUD, click Endpoints.

  5. On the Endpoints page, click Create Endpoint.

    Create Endpoint.png

  6. On the Create Endpoint page, under the Service category click PrivateLink Ready partner services.

  7. In the Service Name field under Service settings, paste the service name that you copied in step 1. Click Verify service. 
    Create Endpoint details.png

  8. In the VPC dropdown, select the VPC that you want to use for the File server, NAS, MS SQL Server, or Oracle DTC server deployment. Ensure that the Druva service is available in the availability zone for the subnet that you intend to use. If the service is available in the availability zone, proceed with the endpoint creation for your EC2 deployment. Else repeat the verification for an alternate VPC and a different subnet where the Druva service is available in the Availability Zone. 

  9. In the Security groups section, select a security group that allows HTTPS inbound and outbound for the entire VPC CIDR.

  10. On the Create Endpoint page, click Create endpoint.

Once the endpoint creation is successful, the endpoint details show DNS names populated successfully. Make a note of the first DNS name under the endpoint details.
DNS names - backup service endpoint.png

VPC endpoint for the Druva node service in the existing VPC

  1. Copy the Druva node service name that corresponds to the region where you've deployed the EC2 instance for your file server, NAS, MS SQL Server, or Oracle DTC server from the following table:
    Note: The n[0-20] signifies twenty Druva Node Service DNS records that need to be created corresponding to each Druva node service name. Example: n0-c990-phoenix.druva.com
     
    Region Druva Node Service DNS Record Druva node service name
    ap-south-1 n[0-20]-c100990-phoenix.druva.com com.amazonaws.vpce.ap-south-1.vpce-svc-0f87d032dbfa3893b
    ap-east-1 n[0-20]-c100141-phoenix.druva.com com.amazonaws.vpce.ap-east-1.vpce-svc-0c12f779b5fc163c2
    us-east-1 n[0-20]-c100005-phoenix.druva.com com.amazonaws.vpce.us-east-1.vpce-svc-0a8fae87f5a340f9f
    ap-northeast-1 n[0-20]-c100008-phoenix.druva.com com.amazonaws.vpce.ap-northeast-1.vpce-svc-0b9c05f251351782a
    ap-southeast-1 n[0-20]-c100009-phoenix.druva.com com.amazonaws.vpce.ap-southeast-1.vpce-svc-0d73f3627d4dbbff3
     
    ap-southeast-2 n[0-20]-c100003-phoenix.druva.com com.amazonaws.vpce.ap-southeast-2.vpce-svc-09d49ed327fb8dadf

  2. Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.

  3. From the search bar at the top, search for and navigate to the VPC service.

  4. In the navigation pane on the left, under VIRTUAL PRIVATE CLOUD, click Endpoints.

  5. On the Endpoints page, click Create Endpoint.

  6. On the Create Endpoint page, under the Service category click PrivateLink Ready partner services.

  7. In the Service Name field under Service settings, paste the service name that you copied in step 1 of the VPC endpoint for the Druva node service. Click Verify service. 

  8. In the VPC dropdown, select the VPC that you want to use for the File server, NAS, MS SQL Server, or Oracle DTC server deployment. Ensure that the Druva service is available in the availability zone for the subnet that you intend to use. If the service is available in the availability zone, proceed with the endpoint creation for your EC2 deployment. Else repeat the verification for an alternate VPC and a different subnet where the Druva service is available in the Availability Zone. 

  9. In the Security groups section, select a security group that allows HTTPS inbound and outbound for the entire VPC CIDR.

  10. On the Create Endpoint page, click Create endpoint.

 Once the endpoint creation is successful, the endpoint details show DNS names populated successfully. Make a note of the first DNS name under the endpoint details.

Step 2: Add Route 53 DNS records in the existing VPC

  1. Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.
  2. From the search bar at the top, search for and navigate to the Route 53 service.
  3. In the left pane, click Hosted zones.
  4. On the Hosted zones page, click Create hosted zone.
  5. Create a Private hosted zone for the domain druva.com. Select the region and VPC in which an EC2 instance for your File Server, NAS, MS SQL server, or Oracle DTC server is created. Perform the following tasks:
    Hosted zone configuration
    Domain name druva.com
    Type Private hosted zone
    VPC to associate with the hosted zone
    Region Select the region in which your EC2 instance has been deployed.
    VPC ID Select the VPC ID in which your EC2 instance has been created.

  6. Click Create hosted zone.

  7. Click the newly created private hosted zone.

  8. Click Create record with record name backup-ap1-<cloudname>  and create the following DNS records:
Record name Value
backup-ap1-phoenix.druva.com Backup Service VPC Endpoint DNS name
notifier-ap1-phoenix.druva.com Backup Service VPC Endpoint DNS name
nas-accelerator-notifier-ap1-phoenix.druva.com
(for NAS only)		 Backup Service VPC Endpoint DNS name
deviceapigw-ap1-phoenix.druva.com
devicenotifier-ap1-phoenix.druva.com
devicestore-ap1-phoenix.druva.com (for Oracle only)		 Backup Service VPC Endpoint DNS name

Druva Node-Service DNS Record (corresponding to the region where EC2 instance is deployed)

Example

N[0-20]-c5-phoenix.druva.com
Note: The n[0-20] signifies twenty Druva Node Service DNS records that need to be created corresponding to each Druva node service name. Example: n0-c5-phoenix.druva.com		 Node Service VPC Endpoint DNS name

Creating a record

  1. Log in to the AWS Management Console
  2. From the search bar at the top, search for and navigate to the Route 53 service.
  3. In the left pane, click Hosted zones.
  4. On the Hosted zones page, click the zone where you want to create a record and click Create record.
  5. On the Create record page, do the following:
    1. Enter the record name.
    2. In the Record type field, select  A - Routes traffic to an IPv4 address and some AWS resources.
    3. Enable the Alias toggle button.
    4. In the Route traffic to field, select Alias to VPC endpoint, select the region and add the corresponding DNS name.
    5. In the Routing policy field, select Latency and the region.
    6. Enter the Record ID and click Create records.
      CreateRecord.jpg

Perform the following tasks to determine if AWS PrivateLink is enabled for your AWS EC2 instance or not:

  1. On the Amazon EC2 instance for your File Server, NAS, SQL server, or Oracle DTC server, open the command prompt and issue the following command:
    nslookup backup-phoenix.druva.com
    The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the backup service.
    IP address for VPC endpoint - Backup Service.png

  2. Issue the following command:
    nslookup notifier-ap1-phoenix.druva.com
    The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the backup service.

  3. Issue the following command:
    nslookup n[0-20]-c5-phoenix.druva.com
    Where n[0-20] is any one of the Druva Node service DNS record names. Example: n6-c5-phoenix.druva.com. The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the Druva node service.

If the IP addresses for all the steps are similar to those configured for the VPC endpoints, the EC2 instance will use AWS PrivateLink for communication with the Druva Cloud.

Next steps

You can delete old endpoints and the Route 53 DNS records after the agent connect to the new services. Ensure that the DNS record for globalapis.druva.com is added with the new backup endpoint service.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.