AWS Private Link migration of SQL servers to new deployment in APAC region
Overview
This article is intended for customers in the APAC region who have deployed File Server, NAS, SQL Server, or Oracle DTC server in an AWS EC2 instance and use AWS PrivateLink for communication between the server and Druva Cloud. Starting February 18, 2023, you must upgrade the Druva components deployed in your AWS PrivateLink infrastructure to continue communication with the Druva Cloud.
You must make the following changes in your infrastructure before February 18, 2023:
Step 1: Create VPC Endpoints in the existing VPC
Create VPC endpoints for the following services:
VPC endpoint for the backup service in the existing VPC
- Copy the Druva backup service name that corresponds to the region where you've deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server from the following table:

Region | Druva backup service name |
---|---|
ap-south-1 | com.amazonaws.vpce.ap-south-1.vpce-svc-038a1c15513474e92 |
ap-east-1 | com.amazonaws.vpce.ap-east-1.vpce-svc-0f01357d9e7b92a1 |
us-east-1 | com.amazonaws.vpce.us-east-1.vpce-svc-012c8b98c0d1960b0 |
ap-northeast-1 | com.amazonaws.vpce.ap-northeast-1.vpce-svc-02eb8e33ec1c0a659 |
ap-southeast-1 | com.amazonaws.vpce.ap-southeast-1.vpce-svc-01d760db310926437 |
ap-southeast-2 | com.amazonaws.vpce.ap-southeast-2.vpce-svc-0d0d50753809549ac |

- Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.
- From the search bar at the top, search for and navigate to the VPC service.
- In the navigation pane on the left, under VIRTUAL PRIVATE CLOUD, click Endpoints.
- On the Endpoints page, click Create Endpoint.
- On the Create Endpoint page, under Service category, click PrivateLink Ready partner services.
- In the Service Name field under Service settings, paste the service name that you copied in step 1. Click Verify service.
- In the VPC dropdown, select the VPC that you want to use for the File Server, NAS, MS SQL Server, or Oracle DTC server deployment. Ensure that the Druva service is available in the Availability Zone of the subnet that you intend to use. If it is, proceed with the endpoint creation for your EC2 deployment; otherwise repeat the verification for an alternate VPC and a different subnet whose Availability Zone has the Druva service available.
- In the Security groups section, select a security group that allows HTTPS inbound and outbound for the entire VPC CIDR.
- On the Create Endpoint page, click Create endpoint.
Once the endpoint creation is successful, the endpoint details show DNS names populated successfully. Make a note of the first DNS name under the endpoint details.
VPC endpoint for the Druva node service in the existing VPC
- Copy the Druva node service name that corresponds to the region where you've deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server from the following table:

Note: The n[0-20] signifies twenty Druva Node Service DNS records that need to be created corresponding to each Druva node service name. Example: n0-c990-phoenix.druva.com

Region | Druva Node Service DNS record | Druva node service name |
---|---|---|
ap-south-1 | n[0-20]-c100990-phoenix.druva.com | com.amazonaws.vpce.ap-south-1.vpce-svc-0f87d032dbfa3893b |
ap-east-1 | n[0-20]-c100141-phoenix.druva.com | com.amazonaws.vpce.ap-east-1.vpce-svc-0c12f779b5fc163c2 |
us-east-1 | n[0-20]-c100005-phoenix.druva.com | com.amazonaws.vpce.us-east-1.vpce-svc-0a8fae87f5a340f9f |
ap-northeast-1 | n[0-20]-c100008-phoenix.druva.com | com.amazonaws.vpce.ap-northeast-1.vpce-svc-0b9c05f251351782a |
ap-southeast-1 | n[0-20]-c100009-phoenix.druva.com | com.amazonaws.vpce.ap-southeast-1.vpce-svc-0d73f3627d4dbbff3 |
ap-southeast-2 | n[0-20]-c100003-phoenix.druva.com | com.amazonaws.vpce.ap-southeast-2.vpce-svc-09d49ed327fb8dadf |

- Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.
- From the search bar at the top, search for and navigate to the VPC service.
- In the navigation pane on the left, under VIRTUAL PRIVATE CLOUD, click Endpoints.
- On the Endpoints page, click Create Endpoint.
- On the Create Endpoint page, under Service category, click PrivateLink Ready partner services.
- In the Service Name field under Service settings, paste the node service name that you copied in step 1 of this procedure. Click Verify service.
- In the VPC dropdown, select the VPC that you want to use for the File Server, NAS, MS SQL Server, or Oracle DTC server deployment. Ensure that the Druva service is available in the Availability Zone of the subnet that you intend to use. If it is, proceed with the endpoint creation for your EC2 deployment; otherwise repeat the verification for an alternate VPC and a different subnet whose Availability Zone has the Druva service available.
- In the Security groups section, select a security group that allows HTTPS inbound and outbound for the entire VPC CIDR.
- On the Create Endpoint page, click Create endpoint.
Once the endpoint creation is successful, the endpoint details show DNS names populated successfully. Make a note of the first DNS name under the endpoint details.
Step 2: Add Route 53 DNS records in the existing VPC
- Log in to the AWS Management Console. Ensure you are logged into the region where you have deployed the EC2 instance for your File Server, NAS, MS SQL Server, or Oracle DTC server.
- From the search bar at the top, search for and navigate to the Route 53 service.
- In the left pane, click Hosted zones.
- On the Hosted zones page, click Create hosted zone.
- Create a Private hosted zone for the domain druva.com. Select the region and VPC in which an EC2 instance for your File Server, NAS, MS SQL server, or Oracle DTC server is created. Perform the following tasks:
Section | Field | Value |
---|---|---|
Hosted zone configuration | Domain name | druva.com |
Hosted zone configuration | Type | Private hosted zone |
VPC to associate with the hosted zone | Region | Select the region in which your EC2 instance has been deployed. |
VPC to associate with the hosted zone | VPC ID | Select the VPC ID in which your EC2 instance has been created. |

- Click Create hosted zone.
- Click the newly created private hosted zone.
- Click Create record with record name backup-ap1-<cloudname> and create the following DNS records:

Record name | Value |
---|---|
backup-ap1-phoenix.druva.com | Backup Service VPC Endpoint DNS name |
notifier-ap1-phoenix.druva.com | Backup Service VPC Endpoint DNS name |
nas-accelerator-notifier-ap1-phoenix.druva.com (for NAS only) | Backup Service VPC Endpoint DNS name |
deviceapigw-ap1-phoenix.druva.com, devicenotifier-ap1-phoenix.druva.com, devicestore-ap1-phoenix.druva.com (for Oracle only) | Backup Service VPC Endpoint DNS name |
Druva Node Service DNS record corresponding to the region where the EC2 instance is deployed, for example n[0-20]-c5-phoenix.druva.com | Node Service VPC Endpoint DNS name |

Note: The n[0-20] signifies twenty Druva Node Service DNS records that need to be created corresponding to each Druva node service name. Example: n0-c5-phoenix.druva.com
Creating a record
- Log in to the AWS Management Console.
- From the search bar at the top, search for and navigate to the Route 53 service.
- In the left pane, click Hosted zones.
- On the Hosted zones page, click the zone where you want to create a record and click Create record.
- On the Create record page, do the following:
  - Enter the record name.
  - In the Record type field, select A - Routes traffic to an IPv4 address and some AWS resources.
  - Enable the Alias toggle button.
  - In the Route traffic to field, select Alias to VPC endpoint, select the region, and add the corresponding DNS name.
  - In the Routing policy field, select Latency and the region.
  - Enter the Record ID and click Create records.
Verify if AWS PrivateLink is enabled
Perform the following tasks to determine whether AWS PrivateLink is enabled for your AWS EC2 instance:
- On the Amazon EC2 instance for your File Server, NAS, SQL Server, or Oracle DTC server, open the command prompt and issue the following command:
  nslookup backup-phoenix.druva.com
  The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the backup service.
- Issue the following command:
  nslookup notifier-ap1-phoenix.druva.com
  The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the backup service.
- Issue the following command:
  nslookup n[0-20]-c5-phoenix.druva.com
  Where n[0-20] is any one of the Druva Node Service DNS record names. Example: n6-c5-phoenix.druva.com. The IP address returned in the command output must be the same as the IP address visible in the Subnets tab for the VPC endpoint for the Druva node service.
If the IP addresses returned in all of the steps match those configured for the VPC endpoints, the EC2 instance uses AWS PrivateLink for communication with the Druva Cloud. If any name resolves to an address outside the endpoint subnets, that name is still being resolved over the public path and its Route 53 record needs to be checked.
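To check every Route 53 record from Step 2 in one pass instead of running nslookup per name, here is an added Python check (it is not Druva's tooling and not part of the original article): it builds the expected record names for a cluster id, resolves each one from the EC2 instance, and flags any name that does not resolve to the private IPs of the matching VPC endpoint. The cluster id c5 and the IP addresses are constructed placeholders; replace them with the values shown on the Subnets tab of your endpoints.

```python
import socket

# Constructed placeholders: replace with your own cluster id (the c<id> part of the
# node-service record) and the private IPs from each VPC endpoint's Subnets tab.
CLUSTER_ID = "c5"
BACKUP_ENDPOINT_IPS = {"10.0.1.10", "10.0.2.10"}   # backup-service endpoint ENIs
NODE_ENDPOINT_IPS = {"10.0.1.11", "10.0.2.11"}     # node-service endpoint ENIs


def expected_records(cluster_id, backup_ips, node_ips, nas=False, oracle=False):
    """Map each Route 53 record name from Step 2 to the endpoint IPs it must resolve to."""
    backup = ["backup-ap1-phoenix.druva.com", "notifier-ap1-phoenix.druva.com"]
    if nas:
        backup.append("nas-accelerator-notifier-ap1-phoenix.druva.com")
    if oracle:
        backup += ["deviceapigw-ap1-phoenix.druva.com",
                   "devicenotifier-ap1-phoenix.druva.com",
                   "devicestore-ap1-phoenix.druva.com"]
    records = {name: set(backup_ips) for name in backup}
    # n[0-20] pattern from the article: one node-service record per index, n0 through n20
    for i in range(21):
        records[f"n{i}-{cluster_id}-phoenix.druva.com"] = set(node_ips)
    return records


def resolve_all(name):
    """Return the set of IPv4 addresses a name resolves to (empty if it does not resolve)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except socket.gaierror:
        return set()


def verify_privatelink(records, resolve=resolve_all):
    """Return {name: problem} for every record that does not resolve only to its endpoint IPs.

    An empty result means each name resolves inside the VPC endpoint, so traffic to
    Druva Cloud stays on PrivateLink instead of leaving over the public path.
    """
    problems = {}
    for name, allowed in records.items():
        got = resolve(name)
        if not got:
            problems[name] = "does not resolve (Route 53 record missing?)"
        elif not got <= allowed:
            problems[name] = f"resolves to {sorted(got - allowed)}, not the endpoint IPs"
    return problems


if __name__ == "__main__":
    recs = expected_records(CLUSTER_ID, BACKUP_ENDPOINT_IPS, NODE_ENDPOINT_IPS, nas=True)
    for name, problem in verify_privatelink(recs).items():
        print(f"{name}: {problem}")
```

Run it on the EC2 instance itself, because the private hosted zone only answers queries from the VPC it is associated with; no output means every record checked out.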
Next steps
You can delete the old endpoints and the old Route 53 DNS records after the agents connect to the new services. Ensure that the DNS record for globalapis.druva.com is added with the new backup endpoint service.